Data Breach at Central Maine Healthcare Impacts 145,000+
▼ Summary
– A data breach at Central Maine Healthcare exposed sensitive information of over 145,000 individuals, including patients and employees.
– The hackers had unauthorized access to the organization’s systems for more than two months, from March 19 to June 1.
– The compromised data includes full names, Social Security Numbers, dates of birth, treatment details, and health insurance information.
– Affected individuals face increased risks of phishing and fraud, and CMH is offering free credit monitoring and a support line.
– The investigation concluded on November 6, 2025, but no threat actors had publicly claimed responsibility for the attack at the time of reporting.
A significant cybersecurity incident at Central Maine Healthcare last year compromised the personal and medical data of over 145,000 people. The breach, which remained undetected for more than two months, highlights the persistent threat to sensitive health information. The hackers had access to the organization’s systems from March 19 to June 1, 2023, a substantial window during which they could exfiltrate data. Central Maine Healthcare, a major provider serving approximately 400,000 residents through facilities like Central Maine Medical Center and Bridgton Hospital, completed its forensic investigation in November, finalizing the impacted count at 145,381 individuals.
The compromised information is extensive and particularly sensitive. According to the healthcare system’s notification, the exposed data includes full names, dates of birth, Social Security numbers, health insurance details, treatment information, dates of service, and provider names. The specific data points vary from person to person, but the combination creates a severe risk for identity theft and fraud. The breach affected not only patients but also current and former employees of the CMH network.
This type of data exposure significantly increases the risk of targeted phishing attempts, medical identity fraud, and financial impersonation for those involved. In response to the incident, Central Maine Healthcare has advised all potentially affected patients to vigilantly review their medical statements and insurance explanation of benefits documents. Any services or charges that do not look familiar should be reported to the provider or insurer without delay.
To assist those impacted, CMH has established a dedicated support line for questions and concerns. The organization is also providing complimentary credit monitoring and identity protection services to help mitigate the potential for financial harm. While the source of the attack remains unclear, and no threat actor has publicly claimed responsibility, the breach underscores the critical importance of robust cybersecurity defenses in the healthcare sector, where the protection of personal data is paramount.
(Source: Bleeping Computer)
