Topics
More on Risk Management

LifeBridge Health reveals breach that compromised health data of 500,000 patients

LifeBridge said they discovered the breach on March 18.

Beth Jones Sanborn, Managing Editor

Credit: Google Street ViewCredit: Google Street View

A cybersecurity breach within Baltimore, Maryland-based LifeBridge Health and LifeBridge Potomac Professionals potentially exposed the private information of roughly 500,000 patients, the system said.

LifeBridge sent letters to the affected patients, though they said they currently have no reason to believe the information has been misused. 

LifeBridge said they discovered the breach on March 18, which involved malware that infected the server that hosts LifeBridge Potomac Professional's electronic medical record and LifeBridge Health's patient registration and billing systems. 

The system said they investigated and also hired a national forensic firm, ultimately determining that an unauthorized person accessed the server on September 27, 2016. The compromised information potentially accessed included patients' names, addresses, dates of birth, diagnoses, medications, clinical and treatment information, insurance information, and in some cases, social security numbers.

The system said in addition to sending letter to patients as a precaution, they have established a call center to answer questions from patients. For those patients whose social security numbers were potentially involved, LifeBridge will offer a free one-year credit monitoring and identity protection service. 

"LifeBridge Health also recommends that patients review their billing statements and explanation of benefits they receive. If patients see services that they did not receive, they should contact the provider or insurer immediately," the system said in a statement emailed to Healthcare Finance News. "To help prevent something like this from happening again, LifeBridge has enhanced the complexity of its password requirements and the security of its system."

LifeBridge Health serves Northwest Baltimore and includes Sinai Hospital of Baltimore, Northwest Hospital, Carroll Hospital, Levindale Hebrew Geriatric Center and Hospital, and its subsidiaries and affiliated units, including LifeBridge Health & Fitness and the LifeBridge Medical Care Centers in Eldersburg, Mays Chapel and Reisterstown. Sinai Hospital, Northwest Hospital and Carroll Hospital are all acute-care general hospitals with complementary clinical centers.

The barrage of cybersecurity breaches seen in 2017 was slated to continue by experts, who said they would not only continue, but proliferate further and become more sophisticated. While the healthcare industry is slowing ramping up strategies and defenses against cybercriminals and their widely varied attacks, it is still considerably behind the curve set by other industries who have long treated it as a top tier concern and integral part of operations.

As cyberattacks against the healthcare industry grow even more frequent and intricate, those threats must looked at from a business risk perspective and treated with the same level of urgency as any other large marauding threat to the bottom line.

Twitter: @BethJSanborn
Email the writer: beth.sanborn@himssmedia.com

Show All Comments