Advertisement
Anne Arundel County

Patient information potentially exposed in email breach at Luminis Health Anne Arundel Medical Center

Luminis Health, which owns Anne Arundel Medical Center in Annapolis and Doctors Community Medical Center in Lanham, said this week it has notified some of its patients that their personal information may have been exposed in an email breach recently discovered by the health system.

Indications of an attack were first detected in early September, and an investigation by a computer forensics firm hired by the hospital system determined that the breach took place between Aug. 26 and Sept. 14. The health system began to notify patients by letter last week.

Advertisement

The attacker accessed a limited number of employee email accounts, Luminis Health wrote in a post on its website. The health system said it is conducting a comprehensive review of all emails and attachments within the affected accounts. Information potentially taken included patient names, dates of birth, medical record numbers, Social Security numbers and limited clinical information.

Luminis Health is offering identity monitoring to any patients whose Social Security numbers were contained within the email accounts but said it has “no reason to believe” anyone’s information was viewed or misused, according to the post. An AAMC spokesperson said Friday that the hospital could not provide numbers for how many patients were affected or how many letters had been sent out.

Advertisement

“To help prevent something like this from happening again, we have reinforced education with our employees on how to identify and avoid phishing emails and have implemented tighter controls on the existing multi-factor authentication for our email environment,” the health system said in a statement.

Patients who want more information or have questions should call the company’s toll-free hotline set up specifically in response to the breach at 1-855-675-3128 from 9 a.m. to 9 p.m. Monday through Friday. Patients are also encouraged to review statements from health care providers and insurers to verify they were not billed for services they did not receive.

Capital reporter Lilly Price contributed to this article.


Advertisement