A data breach last year at Central Maine Healthcare (CMH) exposed sensitive information of more than 145,000 individuals.

The hackers persisted on the organization's systems for more than two months last year, between March 19 and June 1, when CMH discovered the intrusion.

The CMH integrated healthcare delivery system serves at least 400,000 people and manages hospitals like Central Maine Medical Center (CMMC), Bridgton Hospital, and Rumford Hospital.

Although the organization started notifying affected individuals almost immediately and continued to do so as the investigation advanced and revealed new impacted individuals. The analysis was completed on November 6, 2025, bringing the total number to 145,381.

According to the notification letter, the hackers may have accessed data belonging to CMH patients as well as current and former employees.

On December 29, CMH published a statement informing that the security incident exposed the following data types, which may vary per individual:

• Full names
• Dates of birth
• Treatment information
• Dates of service
• Provider names
• Health insurance information
• Social Security Number (SSN)

As a result of this incident, patients who have received services in the CMH system face an increased risk of phishing, impersonation, and fraud.

"For patients whose information may have been involved in the incident, Central Maine Healthcare recommends that they review the statements they receive from their healthcare providers and health insurance plans," the organization said.

"If they see any services that were not received, they should contact the provider or health plan immediately."

Additionally, a dedicated patient support line has been set up to answer questions, accept data abuse reports, or address concerns.

To keep affected patients safer from financial fraud risk, CMH is offering free credit monitoring services.

BleepingComputer checked for reports of threat actors claiming the attack, but, could not find any at the time of writing.