Portland, Maine-based InterMed began notifying approximately 30,000 patients Nov. 5 regarding a cybersecurity incident that may have exposed their information, according to local NBC affiliate News Center Maine.
In a statement on the company's website, InterMed said it discovered in September that an unauthorized third party had gained access to four employee email accounts. Upon investigation, InterMed could not determine what messages or attachments were viewed.
Patient data that may have been exposed included names, dates of birth, health insurance information and clinical information. A limited number of Social Security numbers may have also been exposed. The unauthorized third party did not again access to InterMed's EHR.
"We deeply regret any concern this may cause. The health and safety of our patients — including the safety of patient data — is our top priority. To help prevent something like this from happening again, we are enhancing our adherence to email best practices," InterMed said in a Nov. 4 statement.