Baltimore Medical Facility Finds Two-Year-Old Malware, Leaving 500K Patients Exposed

Cyber Attack That Occurred in 2016 was Just Discovered, leaving 500,000 Patients Affected

LifeBridge Health located in Baltimore, Maryland, was the victim of a malware attack on September 27, 2016.  However, what is most concerning is, the attack was not identified until March 17, 2018.

In March of 2018 hospital officials became aware there was a malicious attack that had infected multiple systems.  The networks impacted included the ambulatory electronic health records, patient registration, and billing systems that a contracted vendor was hosting.  After a complete forensic analysis was completed, it was determined the malicious attack originated in 2016, when an unauthorized person accessed the system.

Approximately 500,000 patient records were compromised.  The information leaked included social security numbers, patient names, addresses, birth dates, medical diagnosis, medications, insurance information, and clinical and treatment information.  The Baltimore medical facility is working diligently to notify all impacted patients and is offering a free year of credit reporting services to patients whose social security number was breached.

At this time, LifeBridge Health does not believe any of the personal data exposed has been used maliciously.

Impacted patients are also encouraged to review billing statements and explanation of benefits.  If services are shown that were not rendered, the patients are urged to contact their providers immediately.

1,292 total views, 2 views today

(Visited 2,707 times, 1 visits today)

3 thoughts on “Baltimore Medical Facility Finds Two-Year-Old Malware, Leaving 500K Patients Exposed

  1. Would it be considered “malicious” if some of the exposed information (like social security numbers) were used to provide an illegal with a “legal” ID?

  2. Aarky says: Even worse is that many/most large hospital corporations require that before a patient can access their electronic records that they allow the corp to start tracking their browsing history(cookies). I find it outrageous that these outfits are so money grubbing that they would then sell your cookies to the highest bidder. There needs to be a law against this.

  3. One year of credit monitoring to make up for a just-discovered two-year old breach that compromises patients’ social security numbers for the rest of their lives. Does something seem a little out of balance here?

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.