LifeBridge data breach exposes personal information of 500,000 patients

LifeBridge Health has notified 500,000 patients that their personal information may have been exposed in a cyber attack recently discovered by the health system.

Indication of an attack was first detected in March and an investigation by a national forsenic firm hired by the hospital determined that the data breach took place Sept. 27, 2016. The health system notified patients by letter last week.

The attacker accessed the health system’s servers through one of its physician practices, LifeBridge Potomac Professionals. Information potentially taken included names, addresses, birth dates, insurance information and Social Security numbers found in the patient registration and billing system.

LifeBridge has offered credit monitoring to any patients whose Social Security numbers were breached, but said it doesn’t believe anyone’s information was misused.

“LifeBridge Health and LifeBridge Potomac Professionals (Potomac Physicians) take the protection of health information very seriously,” the health system said in a statement. “While we have no reason to believe patient information has been misused in any way, out of an abundance of caution, we are notifying potentially affected patients as well as providing resources for those who have questions or concerns. We sincerely regret any inconvenience or concern that this situation may have caused.”

LifeBridge is the latest health system to have its patient data accessed. Experts have said the growing use of electronic medical records may make health systems and hospitals more vulnerable to these attacks.

CareFirst BlueCross BlueShield was the victim of a phishing email attack in March that could have exposed the personal information of 6,800 of the insurer's members. An employee's account was used to send emails to people not associated with CareFirst.

The personal information that could have been compromised includes names, member identification numbers and dates of birth. In eight cases, Social Security numbers could have been taken. No medical or financial information was compromised.

In 2016, unidentified hackers encrypted data at MedStar Health hospitals in Maryland and the District of Columbia. The hackers demanded bitcoin payments in exchange for the digital keys to unlock the encrypted data.

In March, Under Armour announced that 150 million users of its MyFitnessPal food and nutrition app and website were affected by a breach. And the City of Baltimore discovered ransomware attack that breached and shut down its automated 911 dispatch system the same day Under Armour said it learned of the MyFitnessPal breach.

The affected MyFitnessPal data included user names, email addresses and passwords protected by an encryption algorithm called bcrypt.

amcdaniels@baltsun.com

twitter.com/ankwalker

Copyright © 2018, The Baltimore Sun, a Baltimore Sun Media Group publication | Place an Ad
77°