Central Maine Healthcare Data Breach Exposes Social Security Numbers

On June 1, 2025, Central Maine Healthcare detected unusual activity in its information technology network, prompting an immediate shutdown of its IT systems, phones and network servers. The healthcare provider then launched an investigation with third-party cybersecurity experts and notified law enforcement.

The investigation revealed that an unauthorized party had accessed the IT environment between March 19 and June 1, 2025. During this time, the intruder was able to access and potentially acquire files containing sensitive patient information.

According to the disclosure filed with the Maine Attorney General’s office, the breach was discovered on July 29th. However, the notice of data security incident on the CMH website states that they "became aware of the incident on June 1, 2025."

The types of information exposed include personally identifiable information (PII) such as names, dates of birth and Social Security numbers, as well as protected health information (PHI) including treatment and diagnostic information.

Central Maine Healthcare will begin notifying affected individuals in writing on Aug. 8, 2025.

Central Maine Healthcare’s response

To help prevent similar incidents in the future, Central Maine Healthcare has implemented enhanced monitoring and alerting software across its IT systems.

For those affected, the organization is offering a complimentary one-year membership to identity protection services through TransUnion. This service includes triple bureau credit monitoring, access to credit reports and scores, fraud assistance and up to $1 million in identity theft insurance.

Affected individuals are encouraged to enroll in the provided identity protection services and to remain vigilant by reviewing account statements and credit reports for unauthorized activity.

For more information, visit Central Maine Healthcare.