The Mount Desert Island Hospital in Bar Harbor has notified 24,180 patients that their private patient records may have been exposed during a network intrusion that affected the hospital between April 28 and May 7.
“The types of information that may have been impacted reportedly included name, address, date of birth, driver’s license/state identification number, Social Security number, financial account information, medical record number, Medicare or Medicaid identification number, mental or physical treatment/condition information, diagnosis code/information, date of service, admission/discharge date, prescription information, billing/claims information, personal representative or guardian name, and health insurance information.”
In a June 5 online statement, the hospital said it has begun mailing notices to affected customers and is offering “complimentary” credit monitoring and identity protection services to victims. It updated that statement Thursday.
The initial statement flew relatively under the radar until it was picked up on July 1 by DataBreaches.net and later blogged about by Lincoln Millstein in his Bar Harbor-centric Substack newsletter, The Quietside Journal.
“In response to this incident, we worked with third-party specialists to re-secure our network, implement additional security precautions, and we are reviewing our policies and procedures related to data protection,” the hospital said.
There is no indication yet who hacked the network and what they may be doing with any data they may have acquired.