MaineGeneral Health has suffered a cyber attack, but has not detailed the size of the breach as its investigation continues. Regional media have been notified of the attack, an indication under HIPAA rules that at least 500 individuals are affected, making it a major breach.

However, the hack—affecting patients, employees and donors—spans the entire 40-facility delivery system including two-site MaineGeneral Medical Center, community care, rehabilitation and long-term care, and a retirement community.

The organization on November 13 learned from the FBI that MaineGeneral data was found “on an external website which is not accessible by the general public,” CEO Chuck Hays said in a statement on December 8. Known compromised protected health information includes patient dates of birth, emergency contact names, addresses, and telephone numbers; as well as names, addresses and telephone numbers of certain employees and donors.

At this time, medical, insurance and financial information, as well as Social Security numbers, do not appear to be compromised. However, MaineGeneral will offer affected individuals one year of credit monitoring and identity restoration services from AllClearID. Formal patient notification does not yet appear to have started, but the organization remains well within the 60-day window for notification to begin.

More information from MaineGeneral was not immediately forthcoming.

David Holtzman, vice president of compliance at security consultancy CynergisTek and a former official in the HHS Office for Civil Rights, which enforces the HIPAA rules, says the FBI is stepping up on a promise to inform private sector organizations about threat information and ongoing activities in its cyber division.

“My analysis is that the FBI is prioritizing the threats to the healthcare sector through using its resources to survey for data elements unique to healthcare information systems in the Dark Web and other sites linked to cybercrime,” Holtzman adds.
