Penobscot Community Health Center in Maine have begun notifying roughly 13,000 patients that their data may have been compromised in a hack that lasted about 8 months on its billing services vendor, American Medical Collection Agency.

The Bangor Daily News reports a hacker gained access to the AMCA system from August 1, 2018, to March 30, 2019. The system contained information that varied by client, from demographic details to medical data and some Social Security numbers, according to the newspaper.

Penobscot Community Health Center contracted with AMCA for its billing collection services, the BDN reported, and according to the notice, AMCA notified the provider of the eight month long breach on May 15, 2019.

The data compromised during the hack included patient names, dates of birth, provider name, and other medical data, according to the BDN. Some credit card information could also have been possibly breached. The agency collected on overdue patient bills, but said patient health records or treatment information wasn’t impacted by the potential breach, the newspaper added.

Patients will receive two years of free credit monitoring and identity theft protection services, according to the BDN. Penobscot Community Health Center has since stopped doing business with AMCA and is currently taking steps to retrieve and secure all patient data contained in the vendor’s systems.