MedStar Health Data Breach Impacts Nearly 184,000 Patients
Cyberattack on Employee Emails Leads to MedStar Data Breach
In early May 2024, healthcare provider MedStar Health notified patients and authorities of the MedStar Health data breach that exposed the personal information of around 184,000 individuals.
The incident occurred when an unauthorized outsider gained access to the email accounts and electronic files of three MedStar employees. This occurred intermittently between January and October of 2023.
Upon discovering the MedStar breach in March 2024, the company conducted a forensic analysis and found patient data was present in the compromised emails and files. Details including names, addresses, dates of birth and insurance info were contained within.
The MedStar Health Cyberbreach Affected Hospitals Across Region
MedStar Health owns and operates ten hospitals across Maryland, Washington D.C. and northern Virginia.
The Medstar Health Email data breach impacted patients of major facilities like Georgetown University Hospital and Washington Hospital Center.
While there was no proof data was actually viewed or stolen, MedStar could not rule out the possibility either.
While there is “no reason to believe that patient information was actually acquired or viewed, we cannot rule out such access.”
The officials said in a statement. They strongly urged any affected patients to monitor statements and accounts for unusual healthcare charges or services.
Healthcare is Under Constant Cyber Threat
Experts argue the healthcare sector is highly vulnerable to cyberattacks due to decentralized data sharing between providers. Connected medical equipment also enables easier access points.
In the same month as MedStar data breach, UnitedHealth Group acknowledged paying a $22 million ransom after subsidiary Change Healthcare was hit. Many other medical organizations have suffered ransomware assaults or data leaks in 2024 alone.
In February 2024, Lurie Children’s Hospital in Chicago fell victim to a ransomware attack where stolen data was put up for sale on the dark web for $3.4 million.
The hackers encrypted the hospital’s systems, forcing staff to rely on manual processes as the entire computer network was taken offline. This cyberbreach at a pediatric hospital exposed the sensitive personal information of child patients.