By HFT Staff

On May 3, 2024, MedStar Health mailed notification letters to certain patients whose personal information may have been involved in a data incident. 

They discovered that an outside party had accessed emails and files associated with three MedStar Health employee email accounts. The unauthorized access occurred intermittently between January 25, 2023, and October 18, 2023. On March 6, 2024, after conducting a forensic analysis of the unauthorized access, they determined that patient information was included in the emails and files accessed. While they have no reason to believe patient information was acquired or viewed, MedStar Health cannot rule out such access. 

The emails and files contained information that may have included some or all the following: patients’ names, mailing address, dates of birth, date(s) of service, provider name(s) and/or health insurance information.  

Patients whose information may have been involved are encouraged to review statements they receive related to their healthcare. If they identify anything unusual related to the healthcare services or the charges for services, they should contact the healthcare entity or health insurer immediately. 

MedStar Health has employed appropriate physical, technical and administrative controls to ensure the safety and confidentiality of patients’ information. Nonetheless, to help prevent something like this from happening again, they have implemented additional safeguards and security measures to enhance their existing controls. They have also notified law enforcement.