On May 3, 2024, MedStar Health filed a notice of data breach with the U.S. Department of Health and Human Services Office for Civil Rights after discovering that an unauthorized party was able to access the company’s email system. In this notice, Medstar explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names, mailing addresses, dates of birth, dates of service, provider names, and health insurance information. Upon completing its investigation, Medstar began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.
If you received a data breach notification from MedStar Health, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the MedStar Health data breach. For more information, please see our recent piece on the topic here.
What Caused the MedStar Health Data Breach?
The Medstar Health data breach was only recently announced, and more information is expected in the near future. However, Medstar’s filing with the U.S. Department of Health and Human Services Office for Civil Rights provides some important information on what led up to the breach. MedStar Health also posted a website notice discussing the incident.
According to these sources, MedStar Health recently learned that an unauthorized party had been able to access its email environment. In response, Medstar launched an investigation and confirmed that the email accounts were subject to unauthorized access intermittently between January 25, 2023 and October 18, 2023. The Medstar Health investigation also revealed that the affected email accounts contained confidential information belonging to certain patients.
After learning that sensitive consumer data was accessible to an unauthorized party, MedStar Health reviewed the compromised files to determine what information was leaked and which consumers were impacted. MedStar Health completed this process on March 6, 2024. While the breached information varies depending on the individual, it may include your name, mailing address, date of birth, date of service, provider name, and health insurance information.
On May 3, 2024, MedStar Health began sending out data breach letters to anyone who was affected by the recent data security incident. These letters should provide victims with a list of what information belonging to them was compromised.
More Information About MedStar Health
MedStar Health is a not-for-profit health system based out of Columbia, Maryland. MedStar Health operates ten hospitals and more than 300 care locations in Maryland, Virginia, and Washington, D.C. MedStar Health employs more than 32,000 people and generates approximately $6.3 billion in annual revenue.