LifeBridge data breach exposes personal information of 500,000 patients

May 24, 2018

LifeBridge Health has notified 500,000 patients that their personal information may have been exposed in a cyber attack recently discovered by the health system.

Indication of an attack was first detected in March and an investigation by a national forsenic firm hired by the hospital determined that the data breach took place Sept. 27, 2016. The health system notified patients by letter last week.

The attacker accessed the health system’s servers through one of its physician practices, LifeBridge Potomac Professionals. Information potentially taken included names, addresses, birth dates, insurance information, and Social Security numbers found in the patient registration and billing system.

LifeBridge has offered credit monitoring to any patients whose Social Security numbers were breached, but said it doesn’t believe anyone’s information was misused.

LifeBridge is the latest health system to have its patient data accessed. Experts have said the growing use of electronic medical records may make health systems and hospitals more vulnerable to these attacks.

CareFirst BlueCross BlueShield was the victim of a phishing email attack in March that could have exposed the personal information of 6,800 of the insurer’s members. An employee’s account was used to send emails to people not associated with CareFirst.

The personal information that could have been compromised includes names, member identification numbers and dates of birth. In eight cases, Social Security numbers could have been taken. No medical or financial information was compromised.

In 2016, unidentified hackers encrypted data at MedStar Health hospitals in Maryland and the District of Columbia. The hackers demanded bitcoin payments in exchange for the digital keys to unlock the encrypted data.

In March, Under Armour announced that 150 million users of its MyFitnessPal food and nutrition app and website were affected by a breach. And the City of Baltimore discovered ransomware attack that breached and shut down its automated 911 dispatch system the same day Under Armour said it learned of the MyFitnessPal breach.

The affected MyFitnessPal data included user names, email addresses and passwords protected by an encryption algorithm called bcrypt.

The Baltimore Sun has the full story

Sponsored Recommendations

Enhancing Remote Radiology: How Zero Trust Access Revolutionizes Healthcare Connectivity

This content details how a cloud-enabled zero trust architecture ensures high performance, compliance, and scalability, overcoming the limitations of traditional VPN solutions...

Spotlight on Artificial Intelligence

Unlock the potential of AI in our latest series. Discover how AI is revolutionizing clinical decision support, improving workflow efficiency, and transforming medical documentation...

Beyond the VPN: Zero Trust Access for a Healthcare Hybrid Work Environment

This whitepaper explores how a cloud-enabled zero trust architecture ensures secure, least privileged access to applications, meeting regulatory requirements and enhancing user...

Enhancing Remote Radiology: How Zero Trust Access Revolutionizes Healthcare Connectivity

This content details how a cloud-enabled zero trust architecture ensures high performance, compliance, and scalability, overcoming the limitations of traditional VPN solutions...