Anne Arundel Medical Center Notifies Patients Of Potential Email Breach
BALTIMORE (WJZ) -- The parent company of Anne Arundel Medical Center is notifying patients about an email security breach this past fall that might have compromised some of their confidential information.
"Luminis Health, Inc. is committed to protecting the confidentiality and security of our patients' information. This notice is to inform our patients of a recent incident that may have involved some of that information," a company notice says.
After learning on Sept. 3, 2021, that someone had gained unauthorized access to its employee email system, Luminis says, the email accounts involved were secured and a computer forensics firm was brought in to investigate the intrusion.
The investigation found that the intruder accessed a "limited" number of employee email accounts between Aug. 26 and Sept. 14, though it is unclear which—if any—emails were viewed by the person responsible, the company says.
An ongoing review has identified patient information—names, dates of birth, Social Security numbers—within the email accounts, the company said, but so far there is no information indicating those details were seen by the intruder.
"We have no reason to believe that this information was actually viewed by an unauthorized person, and we have no evidence that any patient information has been misused," the notice says. "However, in an abundance of caution, we began mailing letters to affected patients on January 12, 2022. We anticipate notifying all affected patients in the upcoming weeks, once our investigation is complete."
The company says it is taking steps to head off any further email security incidents, including training employees on how to recognize and avoid phishing attempts and placing tighter controls on its multi-factor authentication tools guarding employees' email accounts.
Additionally, the company is offering free identity monitoring services through credit monitoring firm Equifax to patients whose Social Security numbers were contained within the email accounts.
Patients who have questions or concerns are asked to call the company's dedicated toll-free hotline (1-855-675-3128) from 9 a.m. to 9 p.m. Monday through Friday.
Also, patients are encouraged to review their statements from healthcare providers and insurers to verify that they were not billed for services they did not receive.
