• Substitute Notice: Notice to our Patients About an Email Incident  

    Luminis Health Anne Arundel Medical Center (LHAAMC) is committed to protecting the confidentiality and security of our patients’ information. This notice is to inform our patients of a recent incident that may have involved some of that information. We also want to provide detail on the work underway to minimize future threats.

    On Sept. 3, 2021, we became aware of unauthorized access within our employee email system. We secured the impacted email accounts, began an investigation, and engaged a computer forensics firm to assist. The investigation determined that an unauthorized person gained access to a limited number of employee email accounts between Aug. 26 and Sept. 14, 2021.

    While we are continuing to investigate this incident, we expect that some patient information may be contained within the employee email accounts that were accessed, including patient names, dates of service, and limited clinical information. We are in the process of reviewing emails in those accounts to identify patients whose information may have been accessible to an unauthorized person.

    Once our review is complete, LHAAMC will mail letters to all affected patients. Although we have no indication that any patient information has been misused, out of an abundance of caution we have established a dedicated call center for patients to call with questions.

    Unfortunately, cyberattacks against healthcare organizations have become all too common. Across the country and world, criminals are using different techniques to access private and protected information about patients. Over the past several years, these types of incidents have only increased, and have jumped even more during the pandemic. Luminis Health is working collaboratively with the American Hospital Association on steps the healthcare industry can take to reform its approach to responding to such cyber threats.

    We take the privacy and confidentiality of our patients' information very seriously. To help prevent something like this from happening again, we have reinforced education with our employees on how to identify and avoid phishing emails and have implemented tighter controls on the existing multi-factor authentication for our email environment.

    If you have questions about this incident, please call 855-675-3128, Monday through Friday, 9 a.m. to 9 p.m. ET. We recommend patients review statements they receive related to their healthcare services. If they see services they did not receive, patients should contact their provider.