Ellis Medicine reports email breach affecting over 13,000 patients

An employee email account breach at Ellis Medicine exposed the names and Social Security numbers of thousands of individuals.

 

What happened

Ellis Medicine, a nonprofit healthcare provider based in Schenectady, New York, disclosed a data breach that affected 13,383 individuals, including eight residents of Maine. The breach involved unauthorized access to an employee’s email account and was discovered following suspicious activity observed earlier this year.

The internal investigation confirmed that the email account was compromised during two separate windows: January 17–24, 2025, and March 27–April 5, 2025. The breach was officially reported to the Maine Attorney General’s office on July 22, and notification letters to affected individuals began going out on July 17.

 

Going deeper

The compromised data included full names and Social Security numbers. Ellis Medicine has not found evidence that the data has been misused, but emphasized the need for caution.

The organization responded by resetting the affected email account's credentials, including its multi-factor authentication, and by hiring external cybersecurity experts to investigate the scope of the breach. The full disclosure has been made available through multiple state attorney general websites, including those of Maine, Massachusetts, and Vermont.

What was said

Ellis Medicine has offered 12 months of free credit monitoring and fraud resolution services through Cyberscout, a TransUnion company. Impacted individuals must enroll within 90 days of receiving the notification letter. The services include credit score access, file monitoring, and proactive assistance in case of identity theft.

Ellis Medicine encouraged recipients of the notice to remain vigilant by monitoring their financial and medical records for any unusual activity and to consider placing fraud alerts or credit freezes if necessary.

 

The big picture

According to the official notice from Ellis Medicine, “An employee email account was accessed by an unauthorized person” during two separate timeframes in early 2025. Although no misuse has been confirmed, the organization stated that it “immediately took action” and completed a full investigation with the help of external specialists. Impacted individuals are being offered free credit monitoring, as Ellis Medicine continues efforts to strengthen email security and prevent further unauthorized access.

 

FAQs

Why are healthcare providers often targeted through email accounts?

Email accounts often contain sensitive internal communications and may serve as entry points to broader systems, making them attractive targets for attackers using phishing or credential theft.

 

What is multi-factor authentication and how does it help?

Multi-factor authentication (MFA) adds an extra layer of protection by requiring users to verify their identity using a second method (like a phone code) beyond a password. It significantly reduces the risk of unauthorized access.

 

Who is Cyberscout and what support do they offer?

Cyberscout is a fraud assistance service operated by TransUnion that provides credit monitoring, fraud resolution, and personalized guidance to help individuals respond to identity theft threats.

 

What steps should affected individuals take right now?

Individuals should review their credit reports and financial statements for suspicious activity, enroll in the free monitoring services, and consider placing a fraud alert or credit freeze with credit bureaus.

 

How are state attorney general websites involved in breach disclosures?

State attorneys general often require organizations to file public breach notifications for transparency. These sites serve as official sources for consumers to verify incidents and review affected data categories.