Maryland-based health organization LifeBridge Health recently informed patients of a data breach which occurred last September, and a report claims that as many as 500,000 patients may have had personal information exposed.
LifeBridge Health sent out a press release last week on the breach. The organization says it discovered the breach on March 18, 2018. Malware infected a server which hosted “LifeBridge Potomac Professional’s electronic medical record, and LifeBridge Health’s patient registration and billing systems.”
After an investigation, LifeBridge determined the server was accessed by an unauthorized person on September 27, 2016. “The information potentially accessed may include patients’ names, addresses, dates of birth, diagnoses, medications, clinical and treatment information, insurance information, and in some instances social security numbers,” the release says.
The specific number of 500,000 patients comes from news reports, including a report from The Baltimore Sun.
Like many companies who suffer data breaches, LifeBridge is offering its affected patients a one-year complimentary credit monitoring and identity protection services. LifeBridge also announced that “To help prevent something like this from happening again, LifeBridge has enhanced the complexity of its password requirements and the security of its system.”
LifeBridge also claims it “has no reason to believe that the patient information has been misused in any way” — as to why they believe this way, we don’t know.
While we’ve seen plenty of breaches recently, including many which have targeted retail chains, the protection of data within health organizations is also a growing concern. Another healthcare organization, BJC Healthcare in St. Louis, announced its own breach earlier this year. That breach affected more than 30,000 patients, and revealed personal information for months due to a “data server configuration error.”
While medical information may not necessarily be sought in these breaches, it’s clear that some hackers have identified these health organizations as being worthwhile targets for accessing personal information.