Penobscot Community Health Care Credit: Gabor Degre

A health care provider in the Bangor region is warning some patients that their personal and credit card information may have been exposed in a possible data breach at a third party collection agency, a spokesman for Penobscot Community Health Care said Friday.

Penobscot Community Health Care has a contract with American Medical Collection Agency, a company which reported that an unauthorized person may have accessed its systems between August 2018 and March 2019, according to spokesman Dan Cashman.

Penobscot Community Health Care was notified of the possible breach about two months ago, on May 15, Cashman said. It is mailing letters to patients who may have been affected.

American Medical Collection Agency had a standard industry contract to collect on overdue bills of patients at Penobscot Community Health Care, a regional group that offers a mix of medical and dental services across the Bangor region, according to Cashman.

The information on American Medical Collection Agency’s systems included patient names, dates of birth, names of referring medical providers and other medical information related to care offered at Penobscot Community Health Care.

“Some patients who made a credit card payment to AMCA may have also had their credit card information involved,” Cashman said. “AMCA informed PCHC that no PCHC patient health records, diagnoses or treatment information was impacted by this incident.”

He recommended that patients review their statements from health care providers. If they find billed services they did not receive, they should contact the provider immediately or reach out with any questions to a dedicated Penobscot Community Health Care call center at 844-243-3018, which will be available during business hours.

Cashman also said that the Bangor-area group has stopped doing business with American Medical Collection Agency and is working to retrieve and secure all of its data that may have been involved.

“The health and safety of our patients is our top priority, and that includes the safety of our patient data,” said Lori Dwyer, president and CEO of Penobscot Community Health Care. “Our own internal data security system is strong, and was not affected by AMCA’s incident. PCHC is absolutely committed to patient safety and privacy, and we are here to assist our patients through this.”