More than 500,000 Marylanders’ personal information could have been affected by a data breach at LifeBridge Health, the Maryland Attorney General’s Office said Tuesday.
LifeBridge detected malware in March on servers hosting LifeBridge Potomac Professionals’ electronic medical records and LifeBridge Health’s patient registration and billing systems.
“LifeBridge Health and LifeBridge Potomac Professionals (Potomac Physicians) take the protection of health information very seriously,” a statement from the system said. “While we have no reason to believe patient information has been misused in any way, out of an abundance of caution, we are notifying potentially affected patients as well as providing resources for those who have questions or concerns. We sincerely regret any inconvenience or concern that this situation may have caused.”
Information potentially accessed includes patient names, addresses, dates of birth, diagnoses, medications, clinical and treatment information, insurance information and Social Security numbers.
The health system said in a statement that it does not believe the information had been “misused.”
LifeBridge’s investigation found that an unauthorized person accessed the servers in September 2016.
The health system began mailing notifications to affected patients last week and established a call center to answer patient questions. For patients whose Social Security numbers could have been compromised, LifeBridge is also offering one year of free credit monitoring and identity protection services.
The system also said it has enhanced the complexity of its password requirements and computer system security.
Health care institutions in Maryland and across the nation are viewed as particularly vulnerable to hacking, in part because of the industry’s reliance on connectivity between new and legacy data systems and a growing use of electronic records.
In 2016 MedStar Health’s computers were shut down by hackers who demanded ransomware be paid before data would be unlocked. A study by the Maryland Health Care Commission found that between 2013 and 2016 Maryland ranked 10th among states with the largest number of records that had been compromised.