SUBSCRIBE NOW Just 99¢ for your first month



Data breach hits Essentia Health

Affected patients are being offered free credit-monitoring services.

Essentia Health-St. Mary's Medical Center
Essentia Health-St. Mary's Medical Center on East Third Street in Duluth. (file / News Tribune)
We are part of The Trust Project.

More than 1,000 Essentia Health patients may be among those victimized in a large-scale data breach, the health system announced Wednesday.

Nemadji Research Corp., a health data management business based in Bruno, Minn., fell victim to a phishing attack earlier this year that allowed outside access to medical information to 14,591 patients, the Los Angeles Times reported on Tuesday.

In a news release, Essentia Health said it has notified its patients whose information may have been compromised. Essentia formerly contracted with Nemadji to assist with billing services, according to the news release, but no longer does so.

“Essentia Health is not aware of any actual or attempted misuse of this information, but as a trusted health care provider, it is important to us that our patients are made aware of this disclosure so they can take steps to protect themselves,” the news release stated.

In the event of a breach, health care providers are required under HIPAA to notify affected individuals, the U.S. Department of Health & Human Services; and, in some cases, the news media.


All of the affected patients are being offered free credit-monitoring services, the news release added.

Essentia Health had provided Nemadji with information about some of its patients to “ensure prompt and appropriate delivery of these services,” it stated.

In a statement on its website, Nemadji said it identified “unusual activity” in an employee’s email account on March 28 and turned to a computer forensics expert to investigate. The investigator found that someone had access to the employee’s email account for several hours on that date after the employee fell victim to a phishing email.

On June 5, the company identified the first instance in which personal information “may have been accessible,” and began notifying its clients, the website announcement stated.

The data breach goes far beyond Essentia. The Los Angeles Times reported, for example, that thousands of patients of Los Angeles County’s hospitals and clinics may have been affected.

Exposed data in Los Angeles County included patient names, addresses, dates of birth, medical record numbers and Medicaid identification numbers, the Times reported. In two cases, patients’ Social Security numbers were revealed.


To learn more

Although letters were mailed to all patients who were impacted by the data breach, Essentia Health said those with questions may call (218) 786-6404 between 8 a.m. and 4:30 p.m. Monday through Friday.

What to read next
Twin Ports ore shipments ended April down more than one-third compared to a year ago.
Conservationists have spent years trying to stave off a national decline in hunting and fishing, but the 2020 pandemic appears to have righted a sinking ship.
The North Dakota Soybean Processors plant at Casselton and the Green Bison plant at Spiritwood are signs of the growing demand for renewable fuel as well as feed for the livestock industry.
A North Dakota potato breeder brings in a speaker from Wyoming who has trained a dog to detect potato virus diseases using their nose.