AUGUSTA, Maine — MaineGeneral Medical Center has determined additional protected health information impacting some individuals may have been accessed in the cyberattack on its computer network.
Letters to those impacted are being sent Friday, explaining the stage of the investigation and ways individuals can protect themselves, including access to free credit monitoring and identity restoration services MaineGeneral is offering to those receiving letters of notification.
On Nov. 13, 2015, MaineGeneral was notified by the FBI of the detection of certain data, believed to belong to MaineGeneral, on an external website not hosted by MaineGeneral and not accessible by the general public.
Upon being contacted by the FBI, MaineGeneral launched an internal investigation by its IT team, and on Nov. 18, 2015, MaineGeneral validated the data supplied by the FBI as MaineGeneral data.
MaineGeneral hired a cyber security forensics firm to supplement the internal investigation by its IT team. MaineGeneral continues to cooperate with the FBI.
While the FBI investigation continues, MaineGeneral’s investigation is nearing completion. The forensic team has determined certain protected health information on its network was or may have been subject to unauthorized access on or about Sept. 11 and Sept. 12, 2015, including the following:
— The following information relating to patients referred for radiology services since June of 2009: name, address, date of birth, demographic information, medical information including name of referring physician and allergy information, Social Security number, medical insurance information, medical record number, emergency contact information, guarantor information and employer information.
— The names, Social Security numbers, addresses, phone numbers, attending physician name, account number and age of certain patients in a patient advocacy file.
— The names, Social Security numbers, dates of birth, addresses, medical record numbers, treatment information and health history information of certain patients in a patient diagnostic registry file.
— The names and addresses of certain patients on a mailing list file related to a physician departure in October 2010.
— The names, addresses, dates of birth, Social Security numbers and medical identification numbers of certain patients in a monitoring system file.
— The name, address, procedure date, procedure description, diagnosis and treatment choice of a patient in a letter to the patient.
— The names, addresses and telephone numbers of certain employees.
— The names, addresses and telephone numbers of certain prospective donors.
MaineGeneral has established a dedicated assistance line for anyone seeking additional information regarding this incident, as well as steps to better protect against identity theft.
This assistance line can be reached at 1-877-216-8137, 9 a.m. to 7 p.m. Monday to Friday. Please provide the following reference number when calling: 636-201-0416.