- CMH breach exposed PII of 145,381 patients and employees in March 2025
- Stolen data includes names, SSNs, health insurance, and treatment information
- No actors claimed responsibility; victims offered credit monitoring and support services
The data breach incident that happened at Central Maine Healthcare (CMH) in spring 2025 affected more than 145,000 people, who may have lost personally identifiable information (PII) to unidentified hackers.
The organization confirmed the news in a data breach notification letter which was sent out to all affected individuals, noting the cyberattack happened in late March and was spotted in June 2025.
After ousting the intruders, CMH kicked off an investigation, to determine what happened and what the damage was, which concluded on November 6, 2025, when CMH realized sensitive data on exactly 145,381 individuals had been taken.
Data yet to surface
The stolen data included people’s names, dates of birth, treatment information, dates of service, provider names, health insurance information, and Social Security numbers (SSN). Both employees and patients were said to be affected by this breach.
"For patients whose information may have been involved in the incident, Central Maine Healthcare recommends that they review the statements they receive from their healthcare providers and health insurance plans," the organization said. "If they see any services that were not received, they should contact the provider or health plan immediately."
As is standard practice in these situations, CMH is offering free credit and identity theft monitoring services, as well as a dedicated support line where victims can get answers, report abuse, and discuss potential concerns.
At press time, no threat actors assumed responsibility for this attack, and the data that was stolen is yet to surface anywhere on the dark web. Criminals are most likely to either use it in phishing attacks or sell it to a different actor.
Central Maine Healthcare is an integrated nonprofit health care delivery system that serves about 400,000 residents across central, western, and mid-coast parts of Maine.
It operates three hospitals: Central Maine Medical Center in Lewiston, Bridgton Hospital, and Rumford Hospital, as well as a large primary and specialty care network with more than 600 physicians and advanced practice professionals in over 40 locations. Its services include trauma care, cardiovascular and cancer treatment, and LifeFlight helicopter service.
Via BleepingComputer
➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.