Columbia, Md.-based MedStar Health has begun notifying patients after determining that a cybersecurity breach in September exposed personal and medical information.
The health system learned Oct. 4 that an unauthorized third party had accessed its systems. An investigation found the breach occurred between Sept. 12 and Sept. 16 and involved files containing patient names, dates of birth and Social Security numbers, according to a news release. Some records also included clinical information such as diagnoses, medications, test results, images, insurance details and treatment data.
MedStar said it secured its systems, launched an investigation with third-party forensic specialists and notified law enforcement. The health system confirmed the extent of the compromised information Nov. 12 and began sending patient notifications Dec. 3.
