Chris Larabee reports:
An unauthorized third party viewed or acquired the personal information of several residents in a March 25 data breach.
Springbrook Software, Deerfield’s data storage provider, notified the town of the incident after it completed an investigation May 6 and the town made a formal announcement Aug. 31 after residents received notification of the breach.
Town Administrator Kayce Warren said the long period of time between Springbrook’s May 6 notification and this week’s announcement is a result of Deerfield going through its own “detailed” investigation process, which involves hiring outside organizations to investigate the incident and draft up the notification letter.
“This is one of the steps,” Warren said about notifying residents by mail. “The timeline is unfortunate.”
Read more on the Greenfield Recorder.
This incident had actually been reported to the Maine Attorney General’s Office on August 26 as impacting 8,104 individuals. That notification also indicated that driver’s license information “or Non-Driver Identification Card Number” may have been involved for individuals.
Curiously, perhaps, external counsel for Deerfield identified Deerfield as being a “healthcare organization” in their report to Maine. DataBreaches.net sent an email to Sean Bowen of Wilson Elser on August 27 to ask whether the data had been from some health plan or what. No response has been received. If there was any health plan involved, then this might appear on HHS’s public breach tool at some point. Then again, the “healthcare organization” on the report to Maine may just have been a mistake…?