Improper disposal of hard drives expose data of 116,000 patients at Maine clinic

Waterville, Maine-based HealthReach Community Health Centers began notifying 116,898 patients that their personal health and financial data may have been exposed after an employee at a third-party data storage facility improperly disposed of hard drives containing patients’ data, according to data shared with the Maine attorney general’s office Sept. 9.

Advertisement
Hannah Mitchell

Four things to know:

  1. The hard drives with patient data were exposed April 7 and HealthReach was notified of the data breach May 7.
  2. HealthReach launched an investigation that determined patients’ names, birth dates, addresses, Social Security numbers and health-related data was stored on the hard drives. However, the exact elements that might be exposed will vary by patient.
  3. In response to the breach, HealthReach is ensuring its data storage vendors retrain employees to properly dispose of sensitive patient information.
  4. HealthReach said it has not received reports of fraud or identity theft pertaining to the breach.

RCM trend report: How leaders can protect revenue + adapt to disruption

Recommended Live Webinar on Feb 19, 2026 11:00 AM - 12:00 PM CST

Advertisement

Next Up in Cybersecurity

Advertisement

Comments are closed.