LifeBridge Health Data Breach Affects 538,000 Patients

by | May 23, 2018

Baltimore-based healthcare provider LifeBridge Health has revealed, in a press release issued on May 16, that it had encountered a data breach. While the release made no reference to number of patients impacted at the time of it being issued, additional information has now been released.

LifeBridge Health discovered on March 18, 2018 that malware had been placed on a server that hosted the electronic medical record system utlized by LifeBridge Potomac Professionals and LifeBridge Health’s patient registration and billing systems.

The identification of malware led to an in depth investigation to determine when access to the server was first obtained. LifeBridge Health then hired a national computer forensics firm to help with the investigation with the firm finding that access to the server was first established 18 months earlier on September 27, 2016.

The range of information held on the server included patients’ names, dates of birth, addresses, diagnoses, medications prescribed, clinical and treatment details, insurance information and a small number of Social Security numbers.

LifeBridge Health has found nothing to suggest any patients’ protected health information has been used improperly, but as a precautionary measure, all patients whose Social Security numbers may have been accessed by the attackers will be given free credit monitoring and identity theft protection services for one year.

Additionally, all patients have been urged to carefully check their billing and explanation of benefits statements for any medical services charged but not sent. Patients have been asked to report any discrepancies to their insurance carriers as soon as they can.

LifeBridge Health has not released details of how access to the server was obtained, although its response to the incident provides some clues. In the official breach notice issued, the healthcare provider said it has “enhanced the complexity of its password requirements and the security of its system.”

The LifeBridge Health data breach is the second biggest healthcare data breach to be reported in 2017. The breach report sent to the Department of Health and Human Services’ Office for Civil Rights (OCR) shows 538,127 patients have potentially been affected.

While this data breach is not as big as the security breach reported by the California Department of Developmental Services (CDDS) in April, it is certainly more dangerous for the individuals affected.

The CDDS breach, which possibly affected 582,174 patients, was a burglary and it is not clear whether any PHI was actually viewed or acquired by unauthorized people. All electronic equipment stolen by the thieves was protected with encryption and no paperwork appeared to have been stolen.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy