- Today
- Holidays
- Birthdays
- Reminders
- Cities
- Atlanta
- Austin
- Baltimore
- Berwyn
- Beverly Hills
- Birmingham
- Boston
- Brooklyn
- Buffalo
- Charlotte
- Chicago
- Cincinnati
- Cleveland
- Columbus
- Dallas
- Denver
- Detroit
- Fort Worth
- Houston
- Indianapolis
- Knoxville
- Las Vegas
- Los Angeles
- Louisville
- Madison
- Memphis
- Miami
- Milwaukee
- Minneapolis
- Nashville
- New Orleans
- New York
- Omaha
- Orlando
- Philadelphia
- Phoenix
- Pittsburgh
- Portland
- Raleigh
- Richmond
- Rutherford
- Sacramento
- Salt Lake City
- San Antonio
- San Diego
- San Francisco
- San Jose
- Seattle
- Tampa
- Tucson
- Washington
Lewiston Today
By the People, for the People
Maine Lawmakers Seek to Bolster Hospital Cybersecurity After Attacks
New bill would require hospitals to formally prepare for increasing cyberattacks that can delay care and put patient data at risk.
Published on Feb. 24, 2026
Got story updates? Submit your updates here. ›
After a series of high-profile cyberattacks on Maine hospitals in 2025 that impacted over a third of the state's residents, lawmakers are considering a new bill that would require hospitals to adopt formal cybersecurity plans. The legislation aims to improve incident reporting, ensure continuity of care, and mandate cybersecurity training for hospital staff to build resilience against future attacks.
Why it matters
The cyberattacks on Lewiston's St. Mary's Regional Medical Center and Central Maine Medical Center highlighted the growing threat hospitals face from bad actors targeting their technology-dependent operations. When providers lose access to critical systems, it can lead to delayed care, missed appointments, unfilled prescriptions, and worse outcomes for patients - underscoring the need for stronger security measures.
The details
The proposed bill, LD 2103, would require hospitals to submit annual cybersecurity plans to the Maine Department of Health and Human Services. The plans must include processes for incident reporting, handling threats of violent behavior, and maintaining backup communication channels to ensure continuity of care during an attack. The legislation was introduced by Rep. Julia McCabe, D-Lewiston, after data breaches at Covenant Health and Central Maine Healthcare in 2025 exposed the personal information of over 600,000 patients statewide.
- In May 2025, a cyberattack on Covenant Health, the parent company of St. Mary's Health System in Lewiston and St. Joseph Healthcare in Bangor, affected the data of more than 478,000 patients.
- In June 2025, a cyberattack on Central Maine Healthcare, which owned Central Maine Medical Center in Lewiston, impacted 145,381 patients and disrupted basic communication services.
The players
Rep. Julia McCabe
A Democratic state representative from Lewiston who sponsored LD 2103, the bill that would require hospitals to adopt formal cybersecurity plans.
Winfield Brown
The president of St. Mary's Regional Medical Center, who testified in opposition to the bill, arguing it would add duplicative administrative costs on top of existing federal security requirements.
Dr. Christian Dameff
A researcher at the UC San Diego Center for Healthcare Cybersecurity who studies the patient safety impacts of hospital cyberattacks.
Anne White
A Greene resident whose tonsil cancer appointment at Central Maine Healthcare was delayed for three weeks due to the June 2025 cyberattack.
Margaret Craven
A former Lewiston state senator who had her annual checkup with Covenant Health rescheduled from August 2025 to February 2026 due to the cyberattacks.
What they’re saying
“What is plain is that there were severe breakdowns in patient care caused by the two cyberattacks. As I learned about this issue, it became clear to me that this is not a one-off, or some fluke, but part of a trend of bad actors increasingly targeting hospitals.”
— Rep. Julia McCabe (centralmaine.com)
“The thing is, we at St. Mary's and our parent organization, Covenant, took all the protective planning measures required by existing federal law prior to our cybersecurity incident, and the attack still took place.”
— Winfield Brown, President, St. Mary's Regional Medical Center (centralmaine.com)
“I think this bill would help prevent the confusion and worry that I and many others experienced during the cyber outage and when we were unable to reach the hospital.”
— Anne White, Greene Resident (centralmaine.com)
What’s next
The Maine legislature will consider LD 2103 and decide whether to pass the bill requiring hospitals to adopt formal cybersecurity plans.
The takeaway
The cyberattacks on Maine hospitals in 2025 demonstrated the serious patient safety risks posed by technology failures in the healthcare system. This new legislation aims to improve incident response, ensure continuity of care, and build long-term resilience against the growing threat of malicious cyber activity targeting critical medical infrastructure.
