Over 20,000 Customer Information Compromised After Sweetser Email Hack
The personal, health and financial information of more than 20,000 clients of a mental health agency in Maine has been compromised following an email hacking incident in June, the agency said on Friday.
Sweetser, a nonprofit with a presence in much of the state, said an employee’s email account was hacked in June, resulting in the data security breach.
The information in the hacked email account may include names, addresses, dates of birth, phone numbers, social security numbers, health insurance information and customer identification numbers, driver’s license numbers, Medicare information or Medicaid, payment or claim information, diagnostic codes, and information regarding medical conditions and treatment, depending on the agency.
Sweetser notified those affected on Friday, four months after the unusual email activity was detected.
A digital forensics team the mental health service provider hired discovered that during a 10-day period from June 18-27, Sweetser’s employee email accounts were subject to unauthorized third-party access.
On September 10, the investigation revealed that several employee email accounts may have been hacked into obtaining information.
The association said it had no evidence that the information was misused.
Letters notifying current and former customers of the security breach include information about the incident and list actions customers can take to monitor and help protect their personal information.
The US Department of Health and Human Services Civil Rights Office is investigating the case. This is one of two open cases involving security breaches among health care providers in Maine. The other case – involving a hacking incident at a collection agency that may have revealed personal and financial information of some patients at Penobscot Community Health Care – was reported in July.
Sweetser has set up a toll-free call center at 833-444-4458 to answer questions about the data breach and resolve related issues.