
MedStar Health compromises more than 184,000 patient records

MedStar Health Inc., a prominent healthcare provider in Maryland, revealed a cybersecurity breach, ultimately affecting more than 184,000 individuals.


What happened

On March 6, 2024, MedStar Health confirmed that patient information was included in the emails and files accessed by an unauthorized individual, following a forensic analysis of the breach.

According to the HHS Data Breach Report released on May 3, 2024, the incident affected 183,079 individuals. The breach occurred when an unauthorized party gained access to emails and files belonging to three employees between January and October 2023.  While there is no confirmation that patient data was acquired or viewed, sensitive information including names, addresses, dates of birth, service dates, provider names, and health insurance details may have been compromised. 

In response, MedStar Health has taken proactive measures to enhance its security posture, implementing additional safeguards and security measures to bolster existing controls and prevent similar incidents in the future.


What was said

MedStar Health’s Notice of Data Incident states, “While we have no reason to believe that patient information was actually acquired or viewed, we cannot rule out such access.” 

The organization also expressed its apologies for any concern or inconvenience, urging affected patients to “review statements they receive related to their healthcare” and report “anything unusual related to the healthcare services or the charges for services [to] the healthcare entity or health insurer immediately.”

MedStar also states they “have implemented additional safeguards and security measures to enhance our existing controls.”

The organization established a dedicated, toll-free call center (1-888-841-4282), available from 9:00 a.m. to 9:00 p.m. Eastern Time, to help answer questions about the data incident.


In the know

Covered entities (including healthcare providers, health plans, and healthcare clearinghouses) must use a HIPAA compliant email platform, such as Paubox, to prevent cybersecurity breaches. HIPAA compliant emails offer encryption and security features specifically designed to protect sensitive patient data during transmission and at rest. 

Furthermore, these platforms provide access controls, audit trails, and automatic data backup to ensure compliance with HIPAA regulations and safeguard patient information from unauthorized access or disclosure.


Why it matters

Beyond the immediate impact on affected individuals and healthcare providers, this breach illustrates the broader implications for cybersecurity in the healthcare sector. Healthcare organizations must increase scrutiny and regulatory oversight to protect sensitive patient data in an increasingly digitized environment with evolving cyber threats.

Additionally, individuals should actively monitor their healthcare records and promptly report suspicious activity, mitigating the risk of further breaches and protecting their sensitive information.
