Notice of Data Privacy Incident
On December 3, 2025, MedStar Health began mailing notification letters to certain patients whose information was involved in a data incident.
On October 4, 2025, we learned about a cybersecurity incident in which an outside party gained unauthorized access to MedStar Health’s systems that included patient information. MedStar immediately took steps to secure our systems, launched an investigation with the assistance of third-party forensic experts, and notified law enforcement. Our investigation determined that the unauthorized access to MedStar Health’s systems occurred from September 12, 2025 to September 16, 2025.
On November 12, 2025, we determined that the files accessed by the unauthorized party contained patient information that included patients’ names, dates of birth, Social Security numbers, and also potentially other information related to patient care, such as diagnoses, medications, test results, images, health insurance, and treatment information.
We are notifying patients of this incident and sharing the steps that we are taking in response. While we use a number of physical, technical, and administrative controls to ensure the safety and confidentiality of patient information, we continuously review our cybersecurity protections to enhance our safeguards.
MedStar Health is offering complimentary identity monitoring services to patients whose Social Security numbers or driver’s license numbers may have been involved. Additionally, it is always a good idea for patients to review statements they receive related to their healthcare provider or health insurer. If they identify charges for services they did not receive, they should contact the healthcare entity or health insurer immediately.
We also established a dedicated, toll-free call center to help answer questions about the data incident. The call center can be reached at 855-403-1763, available Monday through Friday, 9 a.m. to 9 p.m. Eastern time, except holidays.