Malware-infected servers of a Baltimore hospital system, LifeBridge, may have affected more than half a million patient records. LifeBridge reports in a statement on its website that it discovered malware on the servers that host electronic medical records as well as patient registration and billing systems. The provider’s investigation determined that an unauthorized person accessed the server of its physician practice over a year and a half ago on September 27, 2016. Accessed information may include patients’ names, addresses, dates of birth, diagnoses, medications, clinical and treatment information, insurance information, and social security numbers. LifeBridge sent letters to potentially affected patients and is offering one year of credit monitoring to individuals whose social security numbers may have been accessed.
While it appears that LifeBridge reported the breach to the state AG, as of the date of this post, this breach is not listed on OCR’s list of breaches affecting 500 or more patients (lovingly referred to as the OCR “Wall of Shame”).