Cyberattack on Arkansas health center compromises data of over 100,000

Last year’s data security incident at Arkansas-based Mainline Health Center compromised the sensitive personal information belonging to more than 100,000 individuals, the organisation has confirmed.

 

Headquartered in Portland, Arkansas, Mainline is a nonprofit Federally Qualified Health Center that specialises in treating patients who are uninsured or underinsured and lack access to essential health services.

 

In a data security incident notice filed with the Office of Maine Attorney General, Mainline said that on April 10, 2024, it suffered a data security incident affecting its internal network. The healthcare provider immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

“As part of our investigation, we notified federal law enforcement of the incident, engaged external cybersecurity experts and conducted a manual review of the impacted files. Based on that review we discovered on May 21, 2025 that certain files containing your protected personal information were subject to unauthorised access or acquisition as a result of the incident,” Mainline said.

 

The compromised data included names, dates of birth, Social Security Numbers, drivers license numbers, financial account details, payment card numbers, medical record numbers, patient IDs, medicaid numbers, health insurance policy details and more.

 

The filing with the Maine state regulator also states that the healthcare provider has identified at least 101,104 individuals impacted by the incident.

 

While Mainline found no evidence of the compromised information being misused, it has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and the state attorney general.

 

It has also offered one year of complimentary identity protection and credit monitoring services through IDX to all affected individuals.

 

 

 

In April last year, the INC Ransom ransomware group claimed responsibility for the cyber attack on Mainline and listed the company as a victim on its data leak site. The group said that it had gained access to the healthcare provider’s network and threatened to leak the stolen data unless its ransom demands were met.