A sophisticated cyberattack on MedStar Health Systems has exposed the personal and medical records of approximately 11 million patients across 14 states, making it one of the largest healthcare breaches in U.S. history.
What Was Stolen
- Full names, dates of birth, Social Security numbers
- Medical records including diagnoses and prescriptions
- Health insurance information
- Billing addresses and payment data
How It Happened
Attackers exploited an unpatched vulnerability in the organization's electronic health records system. The breach went undetected for approximately 90 days before anomalous data exfiltration was flagged by a third-party security monitor.
What Patients Should Do
Freeze your credit with all three bureaus immediately. Monitor explanation of benefits statements for unfamiliar medical claims — medical identity theft can be devastating. MedStar is offering 2 years of free identity monitoring through Experian.
Healthcare remains the most targeted sector for cyberattacks due to the high value of medical data on the dark web — up to $250 per record.
