Mount Desert Island Hospital, Inc.
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
Mount Desert Island Hospital, Inc. (MDIH) in Bar Harbor, Maine, experienced a data security incident involving unauthorized access to its network between April 28, 2023, and May 7, 2023. The breach was first detected due to unusual activity on their network on May 4, 2023, and law enforcement was notified[1]. The types of information potentially impacted by this incident include names, addresses, dates of birth, driver’s license/state identification numbers, Social Security numbers, financial account information, medical record numbers, Medicare or Medicaid identification numbers, mental or physical treatment/condition information, diagnosis codes/information, dates of service, admission/discharge dates, prescription information, billing/claims information, personal representative or guardian names, and health insurance information[1][4].
The total number of persons affected by the breach was 32,661, including 26,046 Maine residents[2]. MDIH began mailing notices to potentially impacted individuals on June 30, 2023, and offered complimentary credit monitoring and identity protection services for 24 months through IDX[2]. The Snatch ransomware group was identified as being behind the cyberattack, and they claimed to have stolen 266 GB of data, which was listed on their leak site[4].
In response to the incident, MDIH worked with third-party specialists to re-secure their network, implement additional security precautions, and review their policies and procedures related to data protection[1]. Individuals affected by the breach were encouraged to remain vigilant against identity theft by reviewing account statements and explanation of benefits forms for suspicious activity and to detect errors. They were also advised on how to place a fraud alert or credit freeze by contacting the credit reporting agencies[1].
For more information about the incident or to enroll in the complimentary credit monitoring services, individuals were directed to contact MDIH’s dedicated assistance line[1].
Citations:
- https://www.mdihospital.org/notice-of-data-security-incident/
- https://apps.web.maine.gov/online/aeviewer/ME/40/4edaf9ec-0c98-4ae2-8382-6b44675f62ab.shtml
- https://www.mdihospital.org
- https://www.hipaajournal.com/snatch-ransomware-group-behind-mount-desert-island-hospital-cyberattack/
- https://apps.web.maine.gov/online/aeviewer/ME/40/list.shtml
- https://apps.web.maine.gov/online/aeviewer/ME/40/de93584a-6040-4e49-8ec8-b276479c95a2.shtml
- https://dojmt.gov/consumer/databreach/
- https://ago.vermont.gov/sites/ago/files/2023-07/2023-06-30%20Mount%20Desert%20Island%20Hospital%20Data%20Breach%20Notice%20to%20Consumers.pdf
- https://law.justia.com/cases/federal/appellate-courts/F3/156/31/481970/
- https://www.themainewire.com/2023/07/24180-patient-records-potentially-exposed-in-mount-desert-island-hospital-data-breach/
- https://www.techtarget.com/searchsecurity/feature/Publicly-disclosed-US-ransomware-attacks-in-2023
- https://theqsjournal.substack.com/p/breaking-news-24180-patients-of-mdi
- https://themainemonitor.org/in-a-first-for-maine-ransomware-hackers-hit-two-public-wastewater-plants/
- https://www.linkedin.com/posts/jaredrimer_mount-desert-island-hospital-updates-its-activity-7111114085127114752-az6k
- https://www.hipaaguidelines101.com/47-increase-in-ransomware-attacks-and-data-breaches-reported-by-mount-desert-island-hospital-and-pharm-pacc-corporation/