The Mount Desert Island Hospital in Bar Harbor has notified 24,180 patients that their private patient records may have been exposed during a network intrusion that affected the hospital between April 28 and May 7.
From DataBreaches.net:
“The types of information that may have been impacted reportedly included name, address, date of birth, driver’s license/state identification number, Social Security number, financial account information, medical record number, Medicare or Medicaid identification number, mental or physical treatment/condition information, diagnosis code/information, date of service, admission/discharge date, prescription information, billing/claims information, personal representative or guardian name, and health insurance information.”
In a June 5 online statement, the hospital said it has begun mailing notices to affected customers and is offering “complimentary” credit monitoring and identity protection services to victims. It updated that statement Thursday.
The initial statement flew relatively under the radar until it was picked up on July 1 by DataBreaches.net and later blogged about by Lincoln Millstein in his Bar Harbor-centric Substack newsletter, The Quietside Journal.
“In response to this incident, we worked with third-party specialists to re-secure our network, implement additional security precautions, and we are reviewing our policies and procedures related to data protection,” the hospital said.
There is no indication yet who hacked the network and what they may be doing with any data they may have acquired.
Being an ex-IT tech at a hospital, I can assure you that hospitals would rather take the HIPPA violation fines when a breach occurs than spend the money shoring up their IT infrastructure.
They are more than happy to save a few pennies on basic software upgrades and patches and allow your sacred patient data to be leaked to the Dark Web in favor of their profits.
No breach is insignificant; they are all serious.
HIPAA that is. DOH!!