[BreachExchange] InterMed reports email hack exposing information on 30, 000 patients

[Destry Winant]

https://www.pressherald.com/2019/11/06/intermed-reports-email-hack-exposing-information-on-30000-patients/

Portland-based health care provider InterMed was the target of a hack
that potentially compromised the medical and personal information of
about 30,000 patients.

An “unauthorized third party” accessed the email account of an
employee between Sept. 4-6, InterMed said in a news release Tuesday.

The breached accounts contained information that may have included
patient names, dates of birth, health insurance information and/or
clinical information. The accounts also contained the Social Security
numbers of 155 patients, the company said.

InterMed said it learned of the unauthorized access on Sept. 6.

“The company immediately took steps to secure the account and hired a
nationally recognized forensics team to conduct a comprehensive,
independent investigation,” the release said. “The investigation could
not determine what specific messages or attachments were viewed – if
any – but did determine that an additional three email accounts were
likely subject to unauthorized access between Sept. 7 and Sept. 10,
2019.”

John Lamb, InterMed spokesman, said that patients were notified of the
breach this week, as soon as the investigation was completed.

“The investigation included a thorough, manual review of all
potentially impacted files,” Lamb said. InterMed serves about 100,000
patients, with offices in Portland, South Portland and Yarmouth. The
company offers services that include primary care, pediatrics,
obstetrics, urgent care, physical therapy, cardiology and sports
medicine.

InterMed reviewed all messages and attachments in the email accounts
to identify patients whose information had been accessed by the
hacker.

“This incident did not impact all InterMed patients – only those
patients whose information was in the affected email accounts,” the
release said.

“We are taking this matter very seriously,” InterMed CEO Dan McCormack
said in the statement. “… We are accelerating plans already underway
to strengthen our security. The health and safety of our patients –
including the safety of patient data – is our top priority.

“InterMed is absolutely committed to patient privacy and protecting
individuals’ data.”

Lamb said InterMed is not aware of any patients reporting that their
information was being misused.

Mark Monnin, a cybersecurity expert at the University of Southern
Maine, said investigating a breach can be time-consuming because
investigators do not know – at the onset – how sophisticated the
hackers are. He said it could be an individual doing a “crime of
opportunity,” organized crime or even foreign hackers.


Monnin said after the breach is discovered and becomes public, the
hacker often will not use the information for months or longer,
knowing that those who were potential victims are being more vigilant
about identity theft.

In Maine, people can lock or unlock their credit profile for free by
going to the Consumer Credit Protection page on the Department of
Professional & Financial Regulation website.

The breach at Intermed comes on the heels of a similar hack at
Sweetser, a Saco-based mental health nonprofit, that affected 22,000
current and former clients. That breach occurred over the summer and
was made public on Oct. 25.

InterMed has established a call center to answer any questions
individuals may have about the incident. Patients with questions can
call toll-free at 1-855-946-0129, Monday through Friday between 9 a.m.
and 6:30 p.m.

InterMed said it is offering free credit monitoring and identity
protection services to any patient whose Social Security number was
contained in the email accounts. The company also recommends that
affected patients review statements from their health insurers or
healthcare providers. If they see charges for services not received,
they should contact the insurer or provider immediately, the release
said.