Mainline Health Systems Data Breach Investigation

Recently, Mainline announced that it had experienced a data breach in which the sensitive personal identifiable information and protected health information in its systems may have been compromised. According to the breach notice, on or around April 10, 2024, Mainline experienced a data security incident.¹ As a result, Mainline launched an investigation to determine the nature of the incident.

Through its investigation, on May 21, 2025, Mainline confirmed that sensitive personal information within its network may have been accessed and acquired by an unauthorized third party during the breach.¹ As a result, Mainline began a review of the data to determine what information had been impacted, as well as identify the specific individuals affected. While the information impacted varies depending on the individual, the type of information potentially exposed includes:

• Name
• Social Security number
• Date of birth
• Driver’s license number
• Financial information (e.g., financial account number, financial account access information, payment card number, payment card access information)
• Medical information (e.g., medical record number, patient id, Medicaid number, medical diagnosis information, medical treatment procedure information, clinical information, prescription information, provider location, provider name)
• Health insurance information (e.g., health insurance policy number, health insurance group number)

As a result of the data breach, Mainline posted a notice of the incident on its website. Additionally, on June 20, 2025, Mainline began sending breach notification letters to impacted individuals. Based on the website breach notice, Mainline is providing affected individuals with a list of the specific types of sensitive information impacted and complimentary credit monitoring services. A link to the form breach notification that Mainline posted to its website is below.