MedStar Regional Health System disclosed a massive data breach today affecting 4.2 million patient records, including Social Security numbers, insurance information, and detailed medical histories dating back to 2018.
The breach was discovered on April 8 when security analysts detected unusual data exfiltration patterns on the network. Preliminary investigation points to a sophisticated phishing campaign that compromised credentials of three senior IT administrators.
MedStar is offering 24 months of free credit monitoring to affected patients and has engaged CrowdStrike to lead the forensic investigation. The HHS Office for Civil Rights has opened a formal inquiry into potential HIPAA violations.
