Although this cyber security breach has just been identified, the healthcare organization was initially accessed and infected nearly two years ago on September 27, 2016. At the time of the breach, malware was launched into the company servers and the infection spread.
Unfortunately for all individuals who have utilized LifeBridge Health services, this breach was not identified until March 18, 2018. The infected servers identified are hosts to LifeBridge Potomac Professionals, which stores medical records, and LifeBridge Health, which hosts patient billing and registration services.
All patients affiliated with LifeBridge Health were notified of the data breach via a letter distributed last week.
What data was exposed?
The patient PII data stolen includes names, dates of birth, addresses, health insurance information, and medical diagnoses, along with medications, treatments and clinic information. Additionally, for some patients, their social security information was also exposed.
LifeBridge Health Services does not believe any patient information has been abused at this time; however, they are offering credit monitoring free for one year, along with identity protection services. LifeBridge Health is strongly urging all patients to review any statements associated with the healthcare organization.
LifeBridge Health and LifeBridge Potomac Professionals issued a statement:
“While we have no reason to believe patient information has been misused in any way, out of an abundance of caution, we are notifying potentially affected patients as well as providing resources for those who have questions or concerns. We sincerely regret any inconvenience or concern that this situation may have caused.”
Undetected for almost two years
A significant concern with this particular breach is the length of time between the malware infiltrating LifeBridge and the date it was discovered. The lag time here is a direct indicator of the lack of security monitoring and measures in place. The breach went undetected for a long period of time.
However, the breach was discovered on March 18, 2018, and notification was distributed a week ago; the time between the two speaks to the data breach response and recovery plans in place.
Overall, 500,000 individuals have been rocked by this data breach, and they were not made aware of this vulnerability until recently.
Healthcare industry and security
It’s no secret that the healthcare industry is lacking in its security measures. With the highly sensitive nature of healthcare-related information (social security numbers, payment information, contact info, etc.), the healthcare industry is a goldmine for hackers. As more patient records and details become electronic, more attempts will be made to steal this sensitive data. This further stresses the need for security measures to be prioritized and put into action. Healthcare entities should bear in mind the need to prioritize sensitive health data in all avenues, and data security must be strengthened.