On May 3, 2024, we mailed notification letters to certain MedStar Health patients whose personal information may have been involved in a data incident.
We discovered that an outside party had accessed emails and files associated with three MedStar Health employee email accounts. The unauthorized access occurred intermittently between January 25, 2023 and October 18, 2023. On March 6, 2024, after conducting a forensic analysis of the unauthorized access, we determined that patient information was included in the emails and files that were accessed. While we have no reason to believe that patient information was actually acquired or viewed, we cannot rule out such access.
The emails and files contained information that may have included some or all of the following: patients’ names, mailing address, dates of birth, date(s) of service, provider name(s), and/or health insurance information.
We apologize for any concern or inconvenience this may cause. Patients whose information may have been involved are encouraged to review statements they receive related to their healthcare. If they identify anything unusual related to the healthcare services or the charges for services, they should contact the healthcare entity or health insurer immediately.
We take this matter very seriously. We employ appropriate physical, technical, and administrative controls to ensure the safety and confidentiality of patients’ information. Nonetheless, to help prevent something like this from happening again, we have implemented additional safeguards and security measures to enhance our existing controls. We have also notified law enforcement.
We also established a dedicated, toll-free call center to help answer questions about the data incident. The call center can be reached at 1-888-841-4282, available 9:00 a.m. to 9:00 p.m. Eastern Time.