A major data security incident at Connecticut-based Community Health Center has exposed sensitive medical records and personal information of over one million patients, according to a recent filing with the Maine Attorney General's office.
The breach, discovered on January 2nd, involved unauthorized access to the healthcare provider's network systems by what officials described as a "skilled criminal hacker." The attacker managed to steal files containing detailed medical and personal data of 1,060,936 individuals before being detected.
According to Mark Masselli, president and CEO of Community Health Center, the organization's security teams identified and stopped the unauthorized access within hours. While no data was deleted or encrypted, and healthcare operations remained unaffected, the stolen information included sensitive details such as:
- Patient names and contact information
- Dates of birth
- Social Security numbers
- Medical diagnoses and treatment records
- Laboratory test results
- Health insurance information
In response to the incident, Community Health Center has implemented additional security measures and monitoring tools to detect suspicious activities. However, the exposure of such comprehensive medical and personal data raises serious concerns about potential misuse through identity theft or extortion attempts.
The breach highlights ongoing cybersecurity challenges faced by healthcare organizations that maintain large databases of sensitive patient information. As attacks on healthcare providers continue to rise, protecting medical records and personal data remains a critical industry-wide challenge.
Affected patients are being notified about the data breach through individual letters, which outline steps they can take to protect themselves from potential fraud or identity theft attempts using their compromised information.