Heartland Alliance
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
Heartland Alliance Data Breach
Heartland Alliance, a non-profit entity based in Chicago, Illinois, experienced a data security incident that was first discovered on January 26, 2022. An unauthorized individual may have accessed personal information without authorization. The breach occurred between January 2, 2022, and January 26, 2022, and was discovered on December 8, 2022[1][2].
Breach Details
The data breach involved the potential exposure of personal and protected health information belonging to employees, directors, independent contractors, and certain individuals who sought health care or participated in other Heartland programs. The types of information that may have been accessed include names, dates of birth, Social Security numbers, driver’s license numbers, financial account numbers, and some pieces of medical or health information[1][12].
Response and Notification
Upon discovering the breach, Heartland Alliance took immediate steps to secure its systems and engaged a leading cybersecurity firm to investigate the incident. They found that an unauthorized individual may have accessed personal information in their system[1][5]. Heartland Alliance notified affected individuals and offered free credit monitoring and identity protection services for 12 months through IDX, which includes credit monitoring, dark web monitoring, and identity protection services[2].
Legal and Organizational Impact
The incident led to a class action lawsuit against Heartland Alliance, with plaintiffs alleging various damages such as increased risk of fraud and identity theft. However, an Illinois federal court dismissed five of the six causes of action in the lawsuit, leaving only the negligence claim to proceed[6][8][18][21].
Measures Taken
Following the incident, Heartland Alliance has implemented additional technical security measures to prevent similar incidents in the future. These measures include new threat detection software, monitoring, and sign-in protocols[12].
Total Number of Persons Affected
The total number of persons affected by the breach was 54,914, with only 3 of those being residents of Maine[2].
Conclusion
Heartland Alliance has taken the breach seriously and has apologized for any worry or inconvenience caused by the incident. They have taken steps to enhance their IT security and are cooperating with the investigation to address the breach’s consequences[5][12].
Citations:
- https://www.heartlandalliance.org/news-media/cyber
- https://apps.web.maine.gov/online/aeviewer/ME/40/60b84791-9913-422f-a451-c747eb4ea2d4.shtml
- https://www.heartlandalliance.org/readi/impact/
- https://therealdeal.com/chicago/2023/12/14/heartland-alliance-shuts-down-affordable-housing-division/
- https://www.doj.nh.gov/consumer/security-breaches/documents/heartland-alliance-20221220.pdf
- https://blogs.duanemorris.com/classactiondefense/2024/01/23/illinois-federal-court-dismisses-five-of-six-causes-of-action-in-data-breach-class-action-against-chicagoland-nonprofit/
- https://www.heartlandalliance.org/chicago-resiliency-fund_
- https://www.law360.com/articles/1787071/midwest-healthcare-group-escapes-bulk-of-data-breach-suit
- https://www.darkreading.com/cyberattacks-data-breaches/heartland-alliance-provides-notice-of-data-security-incident
- https://www.heartlandalliance.org/about/privacy-policy/
- https://www.heartlandalliance.org/program/middle-east-and-north-africa/iraq/
- https://www.darkreading.com/attacks-breaches/heartland-alliance-provides-notice-of-data-security-incident
- https://www.hipaajournal.com/cyberattacks-reported-by-heartland-alliance-and-centrastate-medical-center/
- https://www.heartlandalliance.org/immigration-1
- https://healthitsecurity.com/news/arkansas-hospital-notifies-patients-of-healthcare-data-breach
- https://www.prnewswire.com/news-releases/heartland-alliance-provides-notice-of-data-security-incident-301708534.html
- https://chicagoreader.com/news-politics/strength-on-the-street/
- https://law.justia.com/cases/federal/district-courts/illinois/ilndce/1:2023cv01108/430604/38/
- https://www.bankinfosecurity.com/heartland-data-breach-update-thousands-institutions-impacted-a-1200
- https://today.westlaw.com/Document/Iabc6ed4db9ba11ee8921fbef1a541940/View/FullText.html?contextData=%28sc.Default%29&transitionType=CategoryPageItem
- https://www.lexology.com/library/detail.aspx?g=3208c789-1c13-404c-82b7-cb7d1e3bbe9e