LifeBridge Health, a Maryland-based health system operating Sinai Hospital, Northwest Hospital, Levindale Hebrew Geriatric Center, and other facilities, disclosed in May 2018 that it had discovered malware on a server that connected to systems containing patient information. Investigation revealed that the compromise had begun on September 27, 2016 — meaning the malware had been present for approximately 18 months before discovery in March 2018. The compromised server supported LifeBridge’s patient registration and billing systems and connected to an electronic medical records platform. The exposed data potentially included patient names, addresses, dates of birth, Social Security numbers, insurance information, diagnoses, medications, and clinical and treatment information for approximately 538,127 patients. LifeBridge notified HHS, the Maryland Attorney General, and affected patients. No specific criminal attribution was made. The 18-month dwell time before detection was particularly alarming. LifeBridge offered one year of free credit monitoring to affected patients. The breach was part of a pattern of long-dwell healthcare network intrusions in 2016-2018, consistent with threat actors harvesting patient data for insurance fraud or building datasets for sale on dark web markets.