13.01.2026
2 min
382
Central Maine Healthcare (CMH) has confirmed a large-scale data breach that exposed sensitive personal and medical information of at least 145,381 individuals, after attackers maintained access to its systems for more than two months.
According to official disclosures, unauthorized access occurred between March 19 and June 1, 2025, before CMH detected the intrusion. The final forensic investigation concluded on November 6, 2025, increasing the total number of affected individuals to over 145,000.
The compromised data may include information related to patients as well as current and former employees. Depending on the individual, exposed data could involve full names, dates of birth, treatment details, dates of service, provider names, health insurance information, and Social Security Numbers (SSNs).
CMH warned that the breach increases the risk of phishing attacks, impersonation, and financial fraud, urging affected individuals to carefully review medical and insurance statements for suspicious activity.
Central Maine Healthcare is a major healthcare provider serving approximately 400,000 people and operating hospitals such as Central Maine Medical Center, Bridgton Hospital, and Rumford Hospital. In response to the incident, CMH established a dedicated support hotline and is offering free credit monitoring services to mitigate financial risks.
As of publication, no threat actor has publicly claimed responsibility for the breach.
The Central Maine Healthcare breach highlights the continued vulnerability of healthcare organizations to cyberattacks. The combination of medical and personal data makes such incidents particularly damaging, with long-term consequences for affected individuals.
