The FBI is investigating an attack on the MaineGeneral computer network where certain patient data may have been compromised.

In a statement released on Dec. 8, MaineGeneral Health CEO Chuck Hays said that MaineGeneral has been working with investigators for several weeks regarding the attack.

"On Nov. 13, 2015, MaineGeneral was notified by the Federal Bureau of Investigation (FBI) of the detection of certain MaineGeneral data on an external website, which is not accessible by the general public," said Hays. "MaineGeneral immediately hired a highly respected cyber security forensics firm and launched an internal investigation by its IT team to confirm the security of our system and source of the data breach, and continues to cooperate with the FBI."

Hays added that the compromised data was for patients referred to the medical center for radiology treatment by a treating physician (who was not named) since 2009.

"While MaineGeneral’s investigation continues, we have confirmed at this point that the data identified by the FBI includes the date of birth and emergency contact name, address, and telephone number for certain patients referred by a treating physician to MaineGeneral Medical Center for radiology services since June 2009," he said.

According to Hays' statement, the data under investigation includes the names, addresses, and telephone numbers of certain employees, as well as similar information for certain prospective donors. The data identified to date by the FBI does not contain Social Security numbers, patient medical or health insurance information, health records, driver’s license numbers, or credit/financial account information, said Hays.

Hays said that MaineGeneral has no indication that any credit or financial information was compromised, but MaineGeneral is taking the precaution of offering any patients impacted by the data breach access to one year of complimentary credit monitoring and identity restoration services.

"We’ve established an assistance line dedicated to answering questions regarding this incident and to assist with enrollment in these services," said Hays in his statement. "To enroll, call 877-441-2645 Monday - Saturday, 9AM - 9PM or visit  mainegeneral.allclearid.com."

Hays said that patients affected by the attack will be receiving letters from MaineGeneral with more information.

In its statement, Maine General also provided the following fraud prevention tips.

•    Review account statements, medical bills, and health insurance statements regularly for suspicious activity, to ensure that no one has submitted fraudulent medical claims using your name and address. Report all suspicious or fraudulent charges to your account and insurance providers.  If you do not receive regular Explanation of Benefits statements, you can contact your health plan and request them to send such statements following the provision of services.

•    Contacting the IRS at www.irs.gov to request a PIN to file your taxes, so that no one can use your information to submit a fraudulent tax return. The IRS will begin offering PINs in mid-January 2016.

•    Ordering and monitoring your credit reports for suspicious activity. Under U.S. law, everyone is entitled to one free credit report annually from each of the three major credit bureaus. To order a free credit report, visit http://www.annualcreditreport.com/or call, toll-free, 877-322-8228. Individuals may also contact the three major credit bureaus directly to request a free copy of their credit report:

Equifax
P.O. Box 105069
Atlanta, GA 30348
800-525-6285
www.equifax.com

Experian
P.O. Box 2002
Allen, TX 75013
888-397-3742
www.experian.com

TransUnion
P.O. Box 2000
Chester, PA 19022
800-680-7289
www.transunion.com

•    Placing a “fraud alert” on your credit file. A “fraud alert” will tell creditors to take additional steps to verify your identity prior to granting credit in your name; however, because it tells creditors to follow certain procedures to protect you, it may also delay your ability to obtain credit while the credit bureaus verify your identity.  As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts on your files. You may use the contact information listed above to contact the major credit bureaus and place a “fraud alert” on your credit report.

•    Placing a “security freeze” on your credit file, that prohibits a credit reporting agency from releasing any information from your credit report without your written authorization but may delay, interfere with, or prevent the timely approval of any requests for new credit. If you have been a victim of identity theft, and provide the credit reporting agency with a valid police report, the credit reporting agency cannot charge to place, lift or remove a security freeze. In all other cases, a credit agency may charge you a fee to place, temporarily lift, or permanently remove a security freeze. You must contact each of the credit reporting agencies separately to place a security freeze on your credit file:

Equifax Security Freeze
P.O. Box 105788
Atlanta, GA 30348
800-685-1111www.freeze.equifax.com

Experian Security Freeze
P.O. Box 9554
Allen, TX 75013
888-397-3742
www.experian.com

TransUnion LLC
P.O. Box 2000
Chester, PA 19022
freeze.transunion.com

•    Educating yourself further on identity theft, fraud alerts, and the steps one can take to protect against identity theft and fraud by contacting the Federal Trade Commission or your state Attorney General. The Maine Attorney General can be reached at:  6 State House Station, Augusta, Maine, 04333, 626-8800.

The Federal Trade Commission also encourages those who discover that their information has been misused to file a complaint with them. The Federal Trade Commission can be reached at: 600 Pennsylvania Avenue NW, Washington, DC 20580, www.ftc.gov/idtheft/, 877-438-4338, TTY: 1-866-653-4261. Further information on how to file such a complaint can be gained by contacting any of the reporting credit agencies listed above.