The Most Comprehensive Data Protection Solution

Discover, classify, and protect your data from all threats with the only Gartner Magic Quadrant DLP and Forrester Wave EDR Leader.

First and Only Solution to Converge:

  • Data Loss Prevention
  • Endpoint Detection and Response
  • User and Entity Behavior Analytics
DATAINSIDER

Digital Guardian's Blog

Breaches at Two Maine Healthcare Providers Exposes Data on 52,000

by Chris Brook on Thursday November 7, 2019

Contact Us
Free Demo
Chat

Two breaches at healthcare providers in Maine recently led to the exposure of 52,000 patients' protected health information.

Two of Maine's biggest healthcare providers recently announced breaches collectively impacting over 50,000 patients.

InterMed P.A., a health provider in Southern Maine disclosed its breach on Tuesday, revealing that attackers got access to one of its employee's email accounts earlier this fall, on September 6. After recruiting a digital forensics firm it was able to determine that three additional employee email accounts were hacked between September 7 and 10, something which led to the compromise of data on 30,000 of its patients. Included in the breach are patient names, dates of birth, health insurance information and clinical information.

Only a limited number of patient Social Security numbers were exposed, according to the company.

InterMed, which has offices in Portland, South Portland, and Yarmouth and specializes in providing healthcare to cardiology, dermatology, OB/GYN, and sports medicine patients, began notifying patients on Tuesday this month.

The news comes about 10 days after Sweetser, a mental health services provider based in Saco but with offices across the state, disclosed a breach of its own. At the end of October, the nonprofit sent letters to 22,000 current and former clients informing them that some of their data, including PHI - protected health information - may have been exposed.

Potentially included in the Sweetser breach are patient names, addresses, dates of brith, telephone numbers, social security numbers, and in some scenarios, health insurance information, driver's license numbers, Medicare or Medicaid information, information on payments or claims the patients have made, and information regarding the patients' medical conditions.

Like the InterMed incident, it appears Sweetser also fell victim to an employee email account hack. Unfortunately, like many, many incidents like this, details on what led to the hack is scant.

According to letters sent to victims, the breach was "limited to information transmitted via email and did not affect any of their other information systems” and occurred from June 18 to June 27. Sweetser discovered the hack on June 27, suggesting it put an end to whatever access the hacker had.

The lapse in discovery to disclosure - roughly four months - can be attributed to the time the company was engaged with the Department of Health and Human Services' Office for Civil Rights, which Sweetser reported the breach to on September 10, following incident response remediation.

While data breaches continue to be an issue for healthcare firms –  they cost organizations $6.45 million per breach, according to IBM and Ponemon's 2019 Cost of a Data Breach report - email breaches and phishing attacks remain a top challenge.

According to a study published in the Annals of Internal Medicine last month, most of these breaches – 71 percent - result in the exposure of data that goes on to be used by attackers committing identity theft, a statistic which adds some palpable and in many times fiduciary loss to the breaches.

Tags: Industry Insights, Healthcare

Recommended Resources


  • Best practices for managing DLP in healthcare
  • Overview of vendors' strengths and weaknesses
  • Top use-cases for DLP in healthcare
  • Top InfoSec concerns for healthcare professionals
  • How to protect sensitive data with DLP
  • Advice from security experts and analysts

Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.