LifeBridge Health, a Baltimore-based healthcare provider with nearly 150 locations, experienced a cybersecurity breach where an unauthorized user accessed its third-party electronic health records (EHR) vendor. The incident exposed personally identifiable information (PII) and protected health information (PHI) of an undetermined number of patients, including names, Social Security numbers, medical record numbers, diagnoses, medicines, test results, treatment images, and care details. The breach, under investigation by law firm Lynch Carpenter, LLP, has prompted potential legal action for affected individuals, who may be eligible for compensation. The compromised data highly sensitive and regulated under HIPAA poses severe risks, including identity theft, medical fraud, and financial exploitation. The breach’s scope remains unclear, but the exposure of full medical histories and SSNs elevates its severity, particularly given the healthcare sector’s critical nature. Patients receiving breach notifications are advised to seek legal review, underscoring the incident’s broad reputational, financial, and operational repercussions for LifeBridge.
TPRM report: https://www.rankiteo.com/company/lifebridge-health
"id": "lif3892438102325",
"linkid": "lifebridge-health",
"type": "Breach",
"date": "5/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'customers_affected': 'Unknown number of patients',
'industry': 'Healthcare',
'location': 'Baltimore, Maryland, USA',
'name': 'LifeBridge Health',
'size': 'Nearly 150 locations',
'type': 'Healthcare Provider'}],
'attack_vector': 'Third-Party Vendor Compromise (EHR)',
'customer_advisories': 'Affected individuals advised to fill out a form for '
'legal review via Lynch Carpenter, LLP '
'(https://www.lynchcarpenter.com).',
'data_breach': {'data_exfiltration': 'Yes (accessed by unauthorized user)',
'file_types_exposed': ['Patient records',
'Diagnostic images',
'Text documents (diagnoses, treatment '
'plans, test results)'],
'number_of_records_exposed': 'Unknown',
'personally_identifiable_information': ['Names',
'Social Security '
'numbers',
'Medical record '
'numbers'],
'sensitivity_of_data': 'High (includes SSNs, medical records, '
'and treatment details)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)']},
'date_publicly_disclosed': '2025-10-23',
'description': 'An unauthorized user accessed data from LifeBridge Health’s '
'third-party electronic health records (EHR) vendor, '
'compromising personally identifiable information (PII) and '
'protected health information (PHI) of an unknown number of '
'patients. The exposed data includes names, Social Security '
"numbers, medical record numbers, doctors' diagnoses, "
'medicines, test results, images, and care/treatment details.',
'impact': {'brand_reputation_impact': 'Potential (under investigation by '
'Lynch Carpenter, LLP for class action '
'claims)',
'data_compromised': ['Personally Identifiable Information (PII)',
'Protected Health Information (PHI)',
'Names',
'Social Security numbers',
'Medical record numbers',
"Doctors' diagnoses",
'Medicines',
'Test results',
'Images',
'Care and treatment details'],
'identity_theft_risk': 'High (due to exposure of SSNs and '
'sensitive health data)',
'legal_liabilities': 'Under investigation (Lynch Carpenter, LLP '
'representing affected individuals for '
'compensation)',
'systems_affected': ['Third-Party Electronic Health Records (EHR) '
'System']},
'investigation_status': 'Ongoing (legal investigation by Lynch Carpenter, '
'LLP)',
'references': [{'date_accessed': '2025-10-23',
'source': 'Globe Newswire Press Release'},
{'source': 'LifeBridge Health About Page',
'url': 'https://www.lifebridgehealth.org/about'},
{'source': 'Lynch Carpenter LLP',
'url': 'https://www.lynchcarpenter.com'}],
'regulatory_compliance': {'legal_actions': 'Potential class action lawsuit '
'(investigated by Lynch Carpenter, '
'LLP)'},
'response': {'communication_strategy': 'Public disclosure via Globe Newswire; '
'legal firm (Lynch Carpenter, LLP) '
'investigating claims and notifying '
'affected individuals via breach '
'letters.'},
'stakeholder_advisories': 'Patients notified via data breach letters; legal '
'firm (Lynch Carpenter, LLP) offering case reviews '
'for affected individuals.',
'threat_actor': 'Unauthorized User',
'title': 'LifeBridge Health Data Breach via Third-Party EHR Vendor',
'type': 'Data Breach'}