InterMed Data Breach Exposes 30K Patient Records

A recent InterMed data breach has reportedly put private health and other information at risk for approximately 30,000 patients. InterMed is one of the largest health care providers in the state of Maine, with offices in Portland and Yarmouth.

What Happened?

According to a press release issued on Nov. 5, a hacker was able to access InterMed’s system by way of an employee’s email account. The data breach was discovered on Sept. 6; after the company hired a forensics team to investigate, it was reportedly discovered that three additional employee email accounts were hacked over the next four days.

What Data Was Compromised?

Primarily, the information that was exposed reportedly included patient names, birth dates, insurance information, and clinical data. Over 150 of the affected patient records also contained Social Security numbers. Not all patients have been affected, and InterMed’s electronic health record system was reportedly not involved in the breach.

How Did This Happen?

Unfortunately, investigators have been unable to determine exactly how the hackers were operating or their level of sophistication, nor have they been able to discover who was behind the InterMed data breach. According to cybersecurity expert Mark Monnin of the University of Southern Maine, it may have been a “crime of opportunity.”

According to the Portland Press Herald, the crime may also have been perpetrated by an organized crime ring, or even hackers operating in another country. Monnin says that once a data breach has been uncovered, hackers typically hold off on using their stolen information right away, as they know that their victims will be “more vigilant” about protecting their identities. 

Although the exact details of the Intermed data breach are not known at this point, hackers typically gain access to a computer system by using email attachments (this is known as “phishing”). These attachments are cleverly disguised to look “legitimate,” but often contain a link that activates a software “worm” able to find its way into the system, allowing the hackers to gain access.

In addition to health care facilities, common targets also include banking, business, educational and government or military institutions.

How Often do Data Breaches Occur?

The number of data breaches at health care facilities, banks, and other institutions has been increasing at an alarming rate over the past 15 years. According to Digital Guardian, 783 incidents similar to the Intermed data breach were reported in 2014, representing a 500 percent increase since 2005. Three years later, that figure had more than doubled, with nearly 1600 data breaches reported. 

Despite stepped-up cybersecurity measures, the situation is not improving; this year so far, there have been more than 3,800 such incidents reported. 

How Can Those Affected by the InterMed Data Breach Protect Themselves?

InterMed patients whose information was compromised can contact the company at (855) 946-0129. Intermed is offering free credit monitoring and identity theft protection to those whose Social Security numbers were stolen.

Other patients are advised to review any statements they receive from their insurance companies or health care providers, and contact them immediately should note any charges for services they did not receive.

Join a Free Hospital Ransomware Attack Class Action Lawsuit Investigation

If you were a patient at a hospital or healthcare facility affected by a ransomware attack that impacted your medical care, you may qualify to join a hospital ransomware attack class action lawsuit investigation.

Learn More

This article is not legal advice. It is presented
for informational purposes only.