April 08, 2020
State Latest News | Coronavirus | Bangor Metro | 2020 Primaries | Today's Paper

More than 20,000 clients’ information compromised after Sweetser email hacking

Nick McCrea | BDN
Nick McCrea | BDN
A sign marking Sweetser's campus in Belfast along Route 3.

Personal, health and financial information of more than 20,000 clients of a Maine mental health agency was compromised following a June email hacking incident, the agency said Friday.

Sweetser, a nonprofit organization with operations throughout much of the state, said that an employee’s email account had been hacked in June, leading to the data security breach.

The information contained in the hacked email account may have included clients’ names, addresses, dates of birth, telephone numbers, Social Security numbers, health insurance information and identification numbers, driver’s license numbers, Medicare or Medicaid information, payment or claims information, diagnostic codes, and information regarding medical conditions and treatment, according to the agency.

Sweetser notified the affected people Friday, four months after the unusual email activity was detected.

A digital forensics team the mental health services provider hired found that, for a 10-day period from June 18 to 27, Sweetser employee email accounts were subject to unauthorized third-party access.

On Sept. 10, the investigation revealed that multiple employee email accounts might have been hacked for information.

The nonprofit said it has no evidence that the information has been misused.

The letters informing current and former clients of the security breach include information about this incident and list steps clients can take to monitor and help protect their personal information.

The Office of Civil Rights under the U.S Department of Health and Human Services is investigating the case. It is one of two open cases involving security breaches at Maine health care providers. The other case — involving a hacking incident at a collection agency that could have exposed personal and financial information of some Penobscot Community Health Care patients — was reported in July.

Sweetser has set up a toll-free call center at 833-444-4458 to answer questions about the data breach and address related concerns.


Correction: An earlier version of this article misstated the nature of the breach involving the information of Penobscot Community Health Care patients.

Have feedback? Want to know more? Send us ideas for follow-up stories.

You may also like