DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Mount Desert Island Hospital notifies 24,180 patients of April network attack

Posted on July 1, 2023 by Dissent

On June 30, Mount Desert Island Hospital in Maine reported a breach to HHS that affected 24,180 patients. The hospital had previously disclosed the incident on June 5, when they posted a notice on their website that said that they had detected unusual activity on their network on May 4. An investigation determined that there had been unauthorized access between April 28 and May 7, 2023.

The types of information that may have been impacted reportedly included name, address, date of birth, driver’s license/state identification number, Social Security number, financial account information, medical record number, Medicare or Medicaid identification number, mental or physical treatment/condition information, diagnosis code/information, date of service, admission/discharge date, prescription information, billing/claims information, personal representative or guardian name, and health insurance information.

As of June 5, they said they were unaware of any misuse of information.

In response to the incident, they worked with third-party specialists to re-secure their network, implemented additional security precautions, reviewed policies and procedures related to data protection.

Their June 5 notice does not mention offering patients any complimentary protection or mitigation services.

There does not seem to be any update to their notice.

DataBreaches first became aware of this incident on June 5, but not because of the hospital’s notice. Snatch Team had added a listing to their leak site for the hospital on June 5.

Listing for MDIHospital.org on Snatch leak site shows Created: Jun 3, 2023 01:07 AM Updated: Jun 5, 2023 03:35 AM
Screencap of Mount Desert Island Hospital listing on Snatch Team leak site. Image: DataBreaches.net

 

 

On June 5, there was no proof of claims or files posted by Snatch Team. Nor has any proof of claims been posted since then on the threat actors’ site.

But did the hospital know about Snatch Team by June 5 when they posted their notice? There is no mention of any extortion demand in their June 5 notice.

DataBreaches sent an email inquiry to the hospital today that posed four questions:

  1. What extortion demand did MDI Hospital receive from “Snatch Team?”
  2. Did the hospital contact/negotiate with them at all?
  3. Did the hospital decide not to pay?
  4. If Snatch Team leaks the data, will the hospital then post a new notification warning patients that their data has been leaked on the internet?

No reply was received by publication.

Related posts:

  • At some point, SNAtch Team stopped being the Snatch ransomware gang. Were journalists the last to know?
  • Mount Desert Island Hospital updates its breach disclosure again but still doesn’t reveal what data were leaked
  • Four ransomware attacks on non-U.S. medical entities: Did anyone get notified?
  • Updating: CaptureRx incident impacted more than 2.4 million. List of Entities.
Category: Breach IncidentsHackHealth DataU.S.

Post navigation

← TSMC confirms data breach after LockBit cyberattack on third-party supplier
16-year-old youth among 13 arrested for alleged involvement in banking-related malware scams in Singapore →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit
  • British national “IntelBroker” charged with causing $25 million in damages; U.S. seeks his extradition from France
  • France issues press statement about arrest of ShinyHunters members
  • Patients Allege Home Delivery Pharmacy Failed to Timely Notify Them of Data Breach
  • Hackers breach Norwegian dam, open valve at full capacity

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions
  • NY Attorney General James Affirms Hospitals Must Provide Access to Emergency Abortion Care
  • How Internet of Things devices affect your privacy – even when they’re not yours
  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.