MedStar Regional Health System has disclosed a data breach affecting approximately 3.2 million patient records. The breach, discovered on April 8, involved unauthorized access to a database containing names, Social Security numbers, medical record numbers, and insurance information.
Forensic investigators believe the attack originated from a compromised third-party vendor account that had elevated access privileges. The attackers maintained persistence in the network for an estimated 17 days before detection by the organization's security operations center.
MedStar is offering affected individuals two years of complimentary credit monitoring and identity theft protection services. The organization has also engaged a leading incident response firm and notified the FBI and HHS Office for Civil Rights.
