BREAKING NEWS: 24,180 patients of MDI Hospital victimized by cyber attack
BAR HARBOR, July 6, 2023 - Mount Desert Island Hospital’s computer network was breached by unauthorized persons who may have compromised patient records, the hospital announced in a letter to patients last week.
The website DataBreaches.net reported that the hospital notified the U.S. Department of Health and Human Services that the breach involved 24,180 patient records.
The hospital had previously disclosed the incident on June 5, when it posted a notice on their website that said that it had detected unusual activity on their network on May 4. An investigation determined that there had been unauthorized access between April 28 and May 7, 2023.
“The types of information may include your name, and the following: address, date of birth, driver's license, state identification number, social security number, financial account information, medical record, Medicare or Medicaid identification number, mental or physical treatment condition information, diagnosis code information, date of service admission, discharge date, prescription information, billing claims information, personal representative or guardian name, and health insurance information,” the letter stated.
“Although our review is ongoing on June 21, we determined that your information may be affected by this incident.
“In response to this incident, we work with third party specialists to investors to investigate. We secure our network and implement additional safety precautions. We also notify law enforcement we are reviewing our policies and procedures related to data protection.
“Additionally, in an abundance of caution, we are offering you access to 12 months of complimentary credit monitoring and identity protection services. We encourage you to enroll in the complimentary credit monitoring and identity protection services. We are making available to you, information about how to enroll the in the services, along with additional resources available to you are included in the attached steps you can take to help protect your info.”
The hospital web site contains information for patients affected.
I have Life Lock fraud protection. Thanks Rush.
When I received the letter announcing the MDI Hospital data Breech I turned to my wife and said, "Here we go, hours more of my time wasted!" Sure enough the registration process with IDX was almost unbelievable. The questions were so vague you had no idea precisely what they were asking for. For instance under bank account do they want the name of your bank? Do they want the route and transit number of your checking account or just your actual checking account number. I placed 2 phone calls to IDX tech support and the first one was a complete waste of time. The second tech directed me to a separate help page which he assured me would walk me through the process. It didn't offer anything even resembling a step by step set of directions and I was just as confused as before. Worse yet when I entered my checking account number the "Submit" button remained grayed out and would not respond to mouse clicks. So I placed a third call and the tech put me on hold. When he came back he said that my "problem" had been escalated to a higher tech and that I should hear back from them within the next 72 hours. It's bad enough that crucial data was lost by MDI Hospital but to then hire a company to monitor that data loss that itself seems totally incompetent adds insult to injury. Finally I tried calling the MDI Hospital patient advocate but she was busy and the message asked me to leave my phone number. Some years ago a client on my boat tour said, "The biggest problem today is almost a total lack of accountability." I find myself asking who will be held accountable for all this...