Mednax, National Medical Group

An unauthorized third party gained access to certain Microsoft Office 365-hosted MEDNAX business email accounts through phishing.

The phishing email prompts the recipient to share or give access to certain information.

The unauthorized party was able to access certain business email accounts between June 17,
2020 and June 22, 2020.

The event was limited to a small number of business email accounts.

Those email accounts are separate from MEDNAX’s internal network and systems, which were not involved in the event.

The patient information compromised are patient name, guarantor name, address, email address, and date of birth, Social Security number, driver’s license number, state identification number, and/
or financial account information, health insurance information, medical and/or treatment information, billing and claims information.

Source: https://oag.ca.gov/system/files/Attachment%20-%20CA%20Individual%20Notice%20Letters.pdf

"id": "MED1938141122",
"linkid": "mednax",
"type": "Data Leak",
"date": "12/2020",
"severity": "60",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"