MaineGeneral Health Hacked

MaineGeneral Health has announced it has suffered a cyberattack that potentially affects patients of all of its subsidiaries, including MaineGeneral Community Care, MaineGeneral Medical Center, MaineGeneral Rehabilitation and Long Term Care & MaineGeneral Retirement Community.

Patients who received radiology services from MaineGeneral Health after being referred by a specific physician have been affected. The name of that physician has not been disclosed, although a breach report submitted to OCR indicates 500 patients have been affected.

MaineGeneral Health Cyberattack Affects Patients, Employees, and Emergency Contacts

The data exposed in the security breach include dates of birth and emergency contact names, addresses, and telephone numbers. Certain employees have also been affected and have had their names, addresses, and telephone numbers exposed. According to a statement released by MaineHealth, some prospective donors have also been affected.

At the present moment in time, the investigation into the security breach indicates that no further data have been exposed, although the forensic investigation is ongoing. As a precaution against identity theft and fraud, all affected individuals have been offered a year of credit monitoring services without charge through ClearID.

MaineGeneral Health received a tip-off from the FBI on November 13, 2015, about MainGeneral Health patient data that were posted on a website. That website does not appear to have been accessible by the public. Once notified of the security breach, MaineGeneral Health launched an internal investigation to determine which patients had been affected, the extent of the data breach, and the exact data that were exposed.

An nationally recognized external data forensics company was employed to conduct a thorough forensic analysis of the cyberattack. All systems are being analyzed to determine the full extent of the cyberattack. At this stages, it would appear that Social Security numbers, financial information, Driver’s license numbers, and clinical/medical data were not exposed.

All affected individuals will receive a breach notification letter if they have been affected, and information will be provided to allow them to take additional measures to safeguard their identities and credit. A helpline has been set up for patients to call (1-877-441-2645) for further information, and assistance can be provided to help affected patients initiate the credit protection services being offered.

According to a statement released by Chuck Hays, CEO of MaineGeneral Health, the investigation into the data breach is “an ongoing effort.” He also said, “We will provide additional information as the investigation continues.”

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.