Sturdy Memorial Hospital

On May 28, 2021, the Maine Office of the Attorney General disclosed a data breach at Sturdy Memorial Hospital, stemming from unauthorized access to its systems on February 9, 2021. The incident compromised the personal information of 42,336 individuals, including 28 Maine residents, exposing sensitive data that could lead to identity theft risks. While the exact type of data leaked was not fully detailed, the scale and nature of the breach affecting a healthcare provider suggest exposure of protected health information (PHI) or personally identifiable information (PII), such as names, addresses, Social Security numbers, or medical records.In response, the hospital offered two years of identity theft protection services via Experian to impacted individuals, indicating a proactive but reactive measure to mitigate potential harm. The breach underscores vulnerabilities in healthcare cybersecurity, where unauthorized system access can have severe repercussions for patient privacy and trust. Given the sector’s regulatory obligations (e.g., HIPAA), the incident likely triggered compliance investigations and potential penalties, beyond the immediate reputational and operational fallout.

Source: https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/e06bf21b-904b-407c-9893-272f28f83734.shtml

TPRM report: https://www.rankiteo.com/company/sturdyhealth

"id": "stu955091725",
"linkid": "sturdyhealth",
"type": "Breach",
"date": "2/2021",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"

{'affected_entities': [{'customers_affected': 42336,
                        'industry': 'Healthcare',
                        'location': 'Massachusetts, USA',
                        'name': 'Sturdy Memorial Hospital',
                        'type': 'Hospital'}],
 'customer_advisories': ['Identity theft protection services offered for two '
                         'years through Experian'],
 'data_breach': {'number_of_records_exposed': 42336,
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personal Information']},
 'date_publicly_disclosed': '2021-05-28',
 'description': 'The Maine Office of the Attorney General reported a data '
                'breach involving Sturdy Memorial Hospital on May 28, 2021. '
                'The breach occurred due to unauthorized access to the '
                "hospital's systems on February 9, 2021, affecting a total of "
                '42,336 individuals, including personal information of 28 '
                'Maine residents. Identity theft protection services were '
                'offered for two years through Experian.',
 'impact': {'data_compromised': ['Personal Information'],
            'identity_theft_risk': 'High (Identity theft protection services '
                                   'offered)'},
 'references': [{'date_accessed': '2021-05-28',
                 'source': 'Maine Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': ['Maine Office of the '
                                                        'Attorney General']},
 'response': {'third_party_assistance': ['Experian (Identity Theft Protection '
                                         'Services)']},
 'title': 'Data Breach at Sturdy Memorial Hospital',
 'type': 'Data Breach'}