AUGUSTA — Citing the feedback he’s received from constituents, a Waterville legislator is asking MaineGeneral Medical Center to extend for an additional year credit and identity protection to patients and employees affected by a September 2015 data breach.

Rep. Henry Beck, D-Waterville, said he’s received more communication about this issue than any other he’s dealt with in the two-year session that started in January 2015.

“I am pleased to learn that MaineGeneral will offer credit restoration services, but I believe an extended period of credit monitoring services is essential to providing patients the security they need,” Beck said in a news release from the House Democratic Office. Beck is the House chairman of the Insurance and Financial Services Committee.

He issued his call for additional protections Wednesday, just as an estimated 120,000 people who have worked for or been patients at MaineGeneral are receiving notification via postal mail about the breach. The letters explain the circumstances of the data breach and provide information on signing up for one year’s worth of free credit monitoring and identity restoration service through Experian, a credit reporting agency.

About 70 of those people, all residents of the district Beck represents in Waterville and Oakland, contacted him with concerns about the data breach and wondering whether they should pursue credit monitoring.

“MaineGeneral is an excellent hospital,” Beck said in an interview, “and it is also a victim of the data breach.” However, he added, “patients should be the last ones to bear the burden of this hacking attack.”

He noted that a data breach in 2015 of health insurance company Anthem Inc. resulted in affected customers receiving two years of credit monitoring and identity theft protection.

“I had a good conversation with (MaineGeneral CEO) Chuck Hays, and I appreciate they are doing all they can,” he said. “At this point, I am asking for them to offer two years of services.”

In a statement released Wednesday, MaineGeneral said it appreciated Beck’s support and added this: “We want to assure the community that we engaged experts who work on cyber attacks and the one year credit monitoring with the ExtendCARE was deemed by them to be appropriate for this type of breach. We do encourage anyone who has any questions about the breach and protection offered to call the call center.”

The hospital also noted that it is offering coverage for fraud protection indefinitely.

With the credit monitoring service, Experian monitors credit reports daily to see whether key information has changed or new data has been added. If any essential information has changed, Experian will send a notification so the people who have signed up for the service can identify fraudulent activity as soon as possible in instances in which suspicious activity is detected. The service also will send a monthly “All Clear” email when no key changes have been posted to any of the three national credit reports in the past month.

In addition to the letters and the free credit monitoring, MaineGeneral also has set up a call center to field questions on this data breach. The call center can be reached by calling 877-216-8137. It is available 9 a.m. to 7 p.m., Monday through Friday. MaineGeneral has provided this reference number to be used when calling: 6362010416.

Beck said he’s been a patient of MaineGeneral, but he wasn’t sure whether he had received a letter yet.

In December, hospital officials notified employees and patients that the FBI had informed them a data breach had occurred and the compromised information included dates of birth, emergency contact information and addresses and telephone numbers of patients referred for radiology services since the middle of 2009 at a number of MaineGeneral locations. The breach also included names, addresses, and telephone numbers of prospective financial donors and some employees who were listed on an old database. Officials estimated that 118,000 people might be affected.

Earlier this month, hospital officials increased their estimate of the number of people affected by 2,000 and said the compromised information also included Social Security numbers, following their own investigation. There was no indication at that time that any fraud or ID theft had occurred as a result of the breach.

The hospital has recommended that people affected by the breach take measures to protect themselves, including reviewing account statements, medical bills and health insurance statements; placing a fraud alert on their credit card files to tell creditors to take additional steps to verify their identities before granting credit in the card holders’ names; placing a security freeze on their credit files to prohibit a credit reporting agency from releasing any information from a credit report without the account holders’ written authorization; and reporting suspicious activity to local law enforcement.

Beck said MaineGeneral has complied with the Maine’s notification statute in informing its employees and the patients about the breach. He said the Insurance and Financial Services Committee has seen some proposals on data breaches, but he’s not introducing any legislation on the topic right now.

“I would just like to see extended coverage,” he said.

The FBI is continuing to investigate the cyberattack.

Jessica Lowell — 621-5632

[email protected]

Twitter: @JLowellKJ


Only subscribers are eligible to post comments. Please subscribe or to participate in the conversation. Here’s why.

Use the form below to reset your password. When you've submitted your account email, we will send an email with a reset code.