MaineGeneral Health recently announced that it was the victim of a cyber attack resulting in a data breach that affected an unknown number of patients and employees.

The Federal Bureau of Investigation (FBI) notified MaineGeneral November 13, 2015, that it had detected data belonging to the organization on an external website. The website was not accessible to the public. MaineGeneral launched an investigation in cooperation with the FBI to determine the cause, source, and extent of the data breach. MaineGeneral announced the incident December 8, 2015.

Some patients referred by a treating physician to MaineGeneral for radiology services since June 2009 were affected by the breach. Compromised patient data includes:

• Dates of birth
• Emergency contact names
• Addresses
• Telephone numbers

Data for some employees and prospective donors was also detected on the external website, including names, addresses, and telephone numbers.

Social Security numbers, driver’s license numbers, or credit/financial information have not been found among the affected data. Although no incidents of identity theft have been reported as a result of the breach and no financial information appears to have been accessed, MaineGeneral is offering affected individuals one year of credit and identity monitoring services.

HCPro.com – HIM-HIPAA Insider