Baltimore-based LifeBridge Health said some of its patients were affected by a cybersecurity incident involving Oracle Health, the EHR vendor formerly known as Cerner.
Oracle Health notified LifeBridge in March that an unauthorized third party had gained access to its systems as early as Jan. 22 and obtained certain data, LifeBridge said in an Oct. 16 news release. The breach affected multiple healthcare organizations that use Oracle Health’s platform.
Oracle launched an investigation after discovering the intrusion, working with federal law enforcement and external cybersecurity specialists, according to the health system. Law enforcement requested that organizations delay notifying affected patients while the investigation was ongoing.
On Sept. 19, Oracle Health provided LifeBridge with a list of patients whose information may have been involved. The exposed data varied by individual and could include names, Social Security numbers, medical record numbers, physicians, diagnoses, medications, test results, images and treatment details.
LifeBridge emphasized that the breach did not involve or compromise any data stored in its own IT systems and did not disrupt clinical operations.
The health system said it has begun mailing letters to affected patients offering complimentary two-year credit monitoring and identity protection services.
