Bangor-based Eastern Maine Medical Center began mailing letters Feb. 1 to 660 patients after it failed to locate a portable external computer hard drive containing their personal health information.
The device — which was owned and operated by a third party vendor — stored data on patients who underwent cardiac ablation procedures at its State Street campus between Jan. 3, 2011, and Dec. 11, 2017. The hard drive stored patient names, dates of birth, dates of service, medical record numbers, one-word condition descriptors, and procedural images. It did not store Social Security numbers, addresses or financial information.
Although EMMC believes risk for identity theft related to the incident is low, all affected patients will be offered one free year of identity theft monitoring services. EMMC continues to investigate the incident and has contacted law enforcement to assist.
"Eastern Maine Medical helps many patients through private healthcare matters each day. We take our commitment to uphold our patients' privacy very seriously and are reviewing our processes to strengthen data security," EMMC President Donna Russell-Cook said in a press release.
Becker's Hospital Review has reached out to Eastern Maine Medical Center for comment. This story will be updated as more information becomes available.
More articles on cybersecurity:
Ransomware detections up 90%: 3 study insights
Microsoft calls for 'Digital Geneva' in wake of high profile cyberattacks