MaineGeneral, FBI probe cyber attack

'We continue to investigate precisely what happened'
By Bernie Monegain
12:57 PM
Share
cyber security

MaineGeneral Health CEO Chuck Hays provided details of a cyber attack on the health system's network that has put patient data at risk and involved an FBI investigation.

On Nov. 13, 2015, the FBI notified MaineGeneral that agents had detected MaineGeneral data on an external website that is not accessible by the general public.

The data affected includes the dates of birth and emergency contact names, addresses, and telephone numbers for certain patients referred by a treating physician to MaineGeneral Medical Center for radiology services since June 2009. 

It also includes the names, addresses, and telephone numbers of certain employees, as well as similar information for certain prospective donors.

The data identified to date by the FBI "does not contain Social Security numbers, patient medical or health insurance information, health records, driver's license numbers or credit/financial account information," Hays wrote in a statement on the hospital's website.

[See also: Medical device security? Forget hackers, think 'hand-washing'.]

As soon as it was contacted by the FBI, MaineGeneral Health hired a cyber security forensics firm and launched an internal investigation by its IT team to confirm the security of its system and source of the data breach, Hays noted; the health system continues to cooperate with the FBI.

"With the assistance of the forensic investigators and in cooperation with the FBI, we continue to investigate precisely what happened and what information is at risk," Hays wrote. "Although current information indicates that no credit or financial account information was taken, MaineGeneral is offering impacted individuals access to one year of complimentary credit monitoring and identity restoration services with AllClear ID."

[See also: Message to vendors: think security.]

The health system has established an assistance line dedicated to answering questions regarding the incident and to assist with enrollment in services provided.

To enroll, call 877-441-2645, Monday-Saturday, 9 a.m.-9 p.m. EST or visit  mainegeneral.allclearid.com.

Hays said MaineGeneral Health would be mailing letters directly to patients impacted by the incident and will provide additional information as the investigation evolves. 

MaineGeneral Health, located in Maine's capital, Augusta, includes subsidiaries MaineGeneral Medical Center, MaineGeneral Rehabilitation and Long Term Care, MaineGeneral Retirement Community and MaineGeneral Community Care.