DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Mount Desert Island Hospital notifies 24,180 patients of April network attack

Posted on July 1, 2023 by Dissent

On June 30, Mount Desert Island Hospital in Maine reported a breach to HHS that affected 24,180 patients. The hospital had previously disclosed the incident on June 5, when they posted a notice on their website that said that they had detected unusual activity on their network on May 4. An investigation determined that there had been unauthorized access between April 28 and May 7, 2023.

The types of information that may have been impacted reportedly included name, address, date of birth, driver’s license/state identification number, Social Security number, financial account information, medical record number, Medicare or Medicaid identification number, mental or physical treatment/condition information, diagnosis code/information, date of service, admission/discharge date, prescription information, billing/claims information, personal representative or guardian name, and health insurance information.

As of June 5, they said they were unaware of any misuse of information.

In response to the incident, they worked with third-party specialists to re-secure their network, implemented additional security precautions, reviewed policies and procedures related to data protection.

Their June 5 notice does not mention offering patients any complimentary protection or mitigation services.

There does not seem to be any update to their notice.

DataBreaches first became aware of this incident on June 5, but not because of the hospital’s notice. Snatch Team had added a listing to their leak site for the hospital on June 5.

Listing for MDIHospital.org on Snatch leak site shows Created: Jun 3, 2023 01:07 AM Updated: Jun 5, 2023 03:35 AM
Screencap of Mount Desert Island Hospital listing on Snatch Team leak site. Image: DataBreaches.net

 

 

On June 5, there was no proof of claims or files posted by Snatch Team. Nor has any proof of claims been posted since then on the threat actors’ site.

But did the hospital know about Snatch Team by June 5 when they posted their notice? There is no mention of any extortion demand in their June 5 notice.

DataBreaches sent an email inquiry to the hospital today that posed four questions:

  1. What extortion demand did MDI Hospital receive from “Snatch Team?”
  2. Did the hospital contact/negotiate with them at all?
  3. Did the hospital decide not to pay?
  4. If Snatch Team leaks the data, will the hospital then post a new notification warning patients that their data has been leaked on the internet?

No reply was received by publication.

Category: Breach IncidentsHackHealth DataU.S.

Post navigation

← TSMC confirms data breach after LockBit cyberattack on third-party supplier
16-year-old youth among 13 arrested for alleged involvement in banking-related malware scams in Singapore →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon
  • US govt login portal could be one cyberattack away from collapse, say auditors
  • Two Men Sentenced to Prison for Aggravated Identity Theft and Computer Hacking Crimes
  • 100,000 UK taxpayer accounts hit in £47m phishing attack on HMRC
  • CISA Alert: Updated Guidance on Play Ransomware

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant
  • US State Dept. says silence or anonymity on social media is suspicious

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.