Waterville, Maine-based HealthReach Community Health Centers began notifying 116,898 patients that their personal health and financial data may have been exposed after an employee at a third-party data storage facility improperly disposed of hard drives containing patients' data, according to data shared with the Maine attorney general's office Sept. 9.
Four things to know:
- The hard drives with patient data were exposed April 7 and HealthReach was notified of the data breach May 7.
- HealthReach launched an investigation that determined patients' names, birth dates, addresses, Social Security numbers and health-related data was stored on the hard drives. However, the exact elements that might be exposed will vary by patient.
- In response to the breach, HealthReach is ensuring its data storage vendors retrain employees to properly dispose of sensitive patient information.
- HealthReach said it has not received reports of fraud or identity theft pertaining to the breach.