Baltimore Medical System Data Breach Exposes Sensitive Patient Information
Baltimore Medical System (BMS), a healthcare provider operating nine practices in the Baltimore area, reported a data breach involving unauthorized access to its systems between July 2 and July 20, 2025. A third-party cybersecurity investigation confirmed that certain files were accessed or duplicated during this period.
The compromised data may include names, contact details, birth dates, Social Security numbers, medical record or patient identification numbers, treatment information, lab results, Medicare/Medicaid ID numbers, health insurance and claims details, and financial account information. BMS has begun notifying affected individuals by mail, with notifications dated March 27, 2026.
Legal professionals are investigating the incident to determine whether a class action lawsuit can be filed on behalf of impacted patients. Such a lawsuit could seek compensation for privacy violations, time spent addressing the breach, out-of-pocket costs, and other damages. The investigation remains ongoing, with attorneys seeking input from those who received breach notifications or believe their data was exposed.
Source: https://www.classaction.org/data-breach-lawsuits/baltimore-medical-system-april-2026
Baltimore Medical System cybersecurity rating report: https://www.rankiteo.com/company/baltimore-medical-system
"id": "BAL1775543425",
"linkid": "baltimore-medical-system",
"type": "Breach",
"date": "7/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Healthcare',
'location': 'Baltimore, Maryland, USA',
'name': 'Baltimore Medical System (BMS)',
'type': 'Healthcare Provider'}],
'attack_vector': 'Unauthorized Access',
'customer_advisories': 'Notifications sent to affected individuals by mail on '
'March 27, 2026',
'data_breach': {'data_exfiltration': 'Files accessed or duplicated',
'personally_identifiable_information': 'Names, contact '
'details, birth dates, '
'Social Security '
'numbers, medical '
'record or patient '
'identification '
'numbers, '
'Medicare/Medicaid ID '
'numbers',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)',
'Financial Account Information']},
'date_detected': '2025-07-20',
'date_publicly_disclosed': '2026-03-27',
'description': 'Baltimore Medical System (BMS), a healthcare provider '
'operating nine practices in the Baltimore area, reported a '
'data breach involving unauthorized access to its systems '
'between July 2 and July 20, 2025. A third-party cybersecurity '
'investigation confirmed that certain files were accessed or '
'duplicated during this period. The compromised data may '
'include names, contact details, birth dates, Social Security '
'numbers, medical record or patient identification numbers, '
'treatment information, lab results, Medicare/Medicaid ID '
'numbers, health insurance and claims details, and financial '
'account information. BMS has begun notifying affected '
'individuals by mail, with notifications dated March 27, 2026.',
'impact': {'data_compromised': 'Sensitive patient information including '
'names, contact details, birth dates, Social '
'Security numbers, medical record or patient '
'identification numbers, treatment '
'information, lab results, Medicare/Medicaid '
'ID numbers, health insurance and claims '
'details, and financial account information',
'identity_theft_risk': 'High',
'legal_liabilities': 'Potential class action lawsuit for privacy '
'violations, time spent addressing the '
'breach, out-of-pocket costs, and other '
'damages',
'payment_information_risk': 'High'},
'investigation_status': 'Ongoing',
'references': [{'source': 'Cyber Incident Description'}],
'regulatory_compliance': {'legal_actions': 'Potential class action lawsuit',
'regulations_violated': ['HIPAA']},
'response': {'communication_strategy': 'Notifications sent to affected '
'individuals by mail on March 27, 2026',
'third_party_assistance': 'Third-party cybersecurity '
'investigation'},
'title': 'Baltimore Medical System Data Breach Exposes Sensitive Patient '
'Information',
'type': 'Data Breach'}