Two-year-old malware discovered at LifeBridge Health
LifeBridge Health, a four hospital delivery system in Baltimore that includes the LifeBridge Potomac Professionals affiliated physician group practice, on March 17, 2018 discovered a malware attack had infected the ambulatory electronic health record and patient registration and billing systems that a contracted vendor was hosting.
But the malware was not new-- forensic analysis determined that the server had been accessed by an unauthorized person on September 27, 2016.
Now, approximately 500,000 affected patients are being belatedly notified and 381,123 patients with compromised Social Security Numbers are being offered one year of credit monitoring and identity protection services.
In addition to Social Security Numbers, protected health information at risk includes patient name, address, date of birth, diagnoses, medications, clinical and treatment information and insurance information.
“At this time, LifeBridge Health and LifeBridge Potomac Professionals has no reason to believe that the patient information has been misused in any way,” the organization told patients.” As a precaution, a call center has been established to answer patient questions.
LifeBridge Health also is urging patients to review billing statements and explanation of benefits, and to contact the provider and insurer if services are shown that were not received.
As part of the breach remediation process, LifeBridge has increased the complexity of its password requirements and the security of its information systems.