Records of almost 2,800 CMC patients vulnerable in 'data security incident': hospital

Michael Cousineau, The New Hampshire Union Leader, Manchester

Apr. 22—Almost 2,800 patients at Catholic Medical Center may have had their files containing personal and health information exposed in a third-party "data security incident," the hospital said Monday.

Affected people identified in the "potential data compromise" will be notified this week by mail.

The announcement comes after the Manchester hospital last week said it was laying off 54 employees and cutting others' hours in the face of "unprecedented financial challenges," according to a memo to staff.

CMC said the data breach occurred with Lamont Hanley & Associates Inc. (LH), a vendor that provides account receivable management services to the hospital.

"CMC is working with LH to notify potentially impacted CMC patients about a data security incident at LH during which an unauthorized party accessed and/or acquired certain files containing personal and health information related to CMC patients, among other LH clients," the hospital said in a statement.

The hospital said an investigation by the vendor "did not identify evidence of specific data access or acquisition by an unauthorized party, but could not conclude with 100% certainty that data within the account was not accessed or acquired by an unauthorized party," the hospital's statement said.

Lamont Hanley also "is not aware" of any identity fraud or improper use of personal and health information, according to CMC.

On March 6, Lamont Hanley notified CMC that on June 20, 2023, it discovered an employee's email account was accessed by an unauthorized party via a phishing attempt.

The vendor conducted a comprehensive review of the affected email account and on Feb. 28, determined what specific personal information may have been compromised, according to the hospital.

The potentially exposed information may include names, Social Security numbers, dates of birth, medical and claim information, health insurance information, individual identification information and financial account information, CMC said in its statement.

Hospital officials would not comment further.

Lamont Hanley is providing free credit monitoring services to those who are eligible. People are encouraged to take steps to protect themselves against identity fraud, including placing a fraud alert/security freeze on their credit files and obtaining free credit reports.

"Although CMC's network was not breached as a result of this incident, we maintain an aggressive cyber security program," CMC said. "We also require our contracted vendors to implement administrative, technical, and physical safeguards to secure all sensitive information within their organizations.

Lamont Hanley has established a dedicated toll-free response line at 1-833-792-8144 available Monday through Friday, 8 a.m. to 8 p.m.

Advertisement