Central Maine Healthcare Data Breach Exposes Social Security Numbers

On June 1, 2025, Central Maine Healthcare detected unusual activity in its information technology network, prompting an immediate shutdown of its IT systems, phones and network servers. An investigation determined that a cybercriminal accessed Central Maine Healthcare's IT environment between March 19, 2025 and June 1, 2025.

A review revealed that the unauthorized actor may have accessed or acquired files containing patient personal and protected health information. Compromised information includes names, dates of birth, Social Security numbers, treatment information and diagnostic information.

Central Maine Healthcare published a Notice of Data Security Incident on its website on July 31, 2025. The organization began notifying impacted patients by mail on Aug. 8, 2025. The number of affected individuals is at least 7,223.

The data breach was also disclosed to the U.S. Department of Health and Human Services and the Maine Attorney General's office on July 31, 2025.

Central Maine Healthcare’s response

Central Maine Healthcare has implemented enhanced monitoring and alerting software across its IT systems. The organization is also offering 12 months of free TransUnion three-bureau credit monitoring services. This includes access to credit reports and scores, fraud assistance and up to $1 million in identity theft insurance.

If you receive notification from Central Maine Healthcare, you may want to:

• Sign up for the free credit monitoring services, offered by the organization.
• Monitor your credit reports and financial accounts for any unusual activity.
• Be alert for phishing emails or phone calls that may use your exposed information.
• Consider placing a fraud alert or credit freeze with major credit bureaus.

For more information about the healthcare organization, visit Central Maine Healthcare.