AUGUSTA — MaineGeneral Medical Center said Friday that personal information belonging to an additional 2,000 people may have been compromised through a computer security breach and that the information included Social Security numbers.
Chuck Hays, CEO of MaineGeneral Health, the hospital’s parent company, said the higher number came to light after the hospital’s investigation into a Sept. 11-12, 2015, cyberattack on its network. The hospital first learned of that attack in November from the FBI.
A month ago, the hospital announced that compromised data included birth dates and emergency contact information for certain patients referred for radiology services since June 2009. At that time, they estimated 118,000 people were potentially affected.
“What we’re reporting out today is anything we saw that could be potentially accessed,” Hays said on Friday. He also said the hospital had no proof that any information was gone.
“The investigation hasn’t found any cases of fraud or id theft as a result of this breach,” he said.
Hays said letters will be sent to people telling them specifically what information might have been exposed.
“Out of the 120,000 people, different people had different data elements potentially accessed,” he said.
He said Friday’s announcement comes as the hospital’s investigation ends even as the FBI continues to seek the perpetrators of the cyber attack.
“We’re confident we’ve identified all the protected health info potentially at risk,” he said.
The news release outlines the new material that was exposed:
• The names, Social Security numbers, addresses, phone numbers, attending physician name, account number and age of certain patients in a patient advocacy file.
• The names, Social Security numbers, dates of birth, addresses, medical record numbers, treatment information, and health history information of certain patients in a patient diagnostic registry file.
• The names and addresses of certain patients, on a mailing list file related to a physician departure in October 2010.
• The names, addresses, dates of birth, Social Security numbers, and medical identification numbers of certain patients in a monitoring system file.
• The name, address, procedure date, procedure description, diagnosis and treatment choice of a patient in a letter to the patient.
The hospital is offering free credit monitoring and identity restoration services to those whose information might have been exposed.
Hays says the hospital’s computer data banks likely have information on millions of individuals over the years.
Copy the Story LinkSend questions/comments to the editors.
Success. Please wait for the page to reload. If the page does not reload within 5 seconds, please refresh the page.
Enter your email and password to access comments.
Hi, to comment on stories you must . This profile is in addition to your subscription and website login.
Already have a commenting profile? .
Invalid username/password.
Please check your email to confirm and complete your registration.
Only subscribers are eligible to post comments. Please subscribe or login first for digital access. Here’s why.
Use the form below to reset your password. When you've submitted your account email, we will send an email with a reset code.