Heartland Alliance

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

Heartland Alliance Data Breach

Heartland Alliance, a non-profit entity based in Chicago, Illinois, experienced a data security incident that was first discovered on January 26, 2022. An unauthorized individual may have accessed personal information without authorization. The breach occurred between January 2, 2022, and January 26, 2022, and was discovered on December 8, 2022[1][2].

Breach Details

The data breach involved the potential exposure of personal and protected health information belonging to employees, directors, independent contractors, and certain individuals who sought health care or participated in other Heartland programs. The types of information that may have been accessed include names, dates of birth, Social Security numbers, driver’s license numbers, financial account numbers, and some pieces of medical or health information[1][12].

Response and Notification

Upon discovering the breach, Heartland Alliance took immediate steps to secure its systems and engaged a leading cybersecurity firm to investigate the incident. They found that an unauthorized individual may have accessed personal information in their system[1][5]. Heartland Alliance notified affected individuals and offered free credit monitoring and identity protection services for 12 months through IDX, which includes credit monitoring, dark web monitoring, and identity protection services[2].

Legal and Organizational Impact

The incident led to a class action lawsuit against Heartland Alliance, with plaintiffs alleging various damages such as increased risk of fraud and identity theft. However, an Illinois federal court dismissed five of the six causes of action in the lawsuit, leaving only the negligence claim to proceed[6][8][18][21].

Measures Taken

Following the incident, Heartland Alliance has implemented additional technical security measures to prevent similar incidents in the future. These measures include new threat detection software, monitoring, and sign-in protocols[12].

Total Number of Persons Affected

The total number of persons affected by the breach was 54,914, with only 3 of those being residents of Maine[2].

Conclusion

Heartland Alliance has taken the breach seriously and has apologized for any worry or inconvenience caused by the incident. They have taken steps to enhance their IT security and are cooperating with the investigation to address the breach’s consequences[5][12].

Citations:

  1. https://www.heartlandalliance.org/news-media/cyber
  2. https://apps.web.maine.gov/online/aeviewer/ME/40/60b84791-9913-422f-a451-c747eb4ea2d4.shtml
  3. https://www.heartlandalliance.org/readi/impact/
  4. https://therealdeal.com/chicago/2023/12/14/heartland-alliance-shuts-down-affordable-housing-division/
  5. https://www.doj.nh.gov/consumer/security-breaches/documents/heartland-alliance-20221220.pdf
  6. https://blogs.duanemorris.com/classactiondefense/2024/01/23/illinois-federal-court-dismisses-five-of-six-causes-of-action-in-data-breach-class-action-against-chicagoland-nonprofit/
  7. https://www.heartlandalliance.org/chicago-resiliency-fund_
  8. https://www.law360.com/articles/1787071/midwest-healthcare-group-escapes-bulk-of-data-breach-suit
  9. https://www.darkreading.com/cyberattacks-data-breaches/heartland-alliance-provides-notice-of-data-security-incident
  10. https://www.heartlandalliance.org/about/privacy-policy/
  11. https://www.heartlandalliance.org/program/middle-east-and-north-africa/iraq/
  12. https://www.darkreading.com/attacks-breaches/heartland-alliance-provides-notice-of-data-security-incident
  13. https://www.hipaajournal.com/cyberattacks-reported-by-heartland-alliance-and-centrastate-medical-center/
  14. https://www.heartlandalliance.org/immigration-1
  15. https://healthitsecurity.com/news/arkansas-hospital-notifies-patients-of-healthcare-data-breach
  16. https://www.prnewswire.com/news-releases/heartland-alliance-provides-notice-of-data-security-incident-301708534.html
  17. https://chicagoreader.com/news-politics/strength-on-the-street/
  18. https://law.justia.com/cases/federal/district-courts/illinois/ilndce/1:2023cv01108/430604/38/
  19. https://www.bankinfosecurity.com/heartland-data-breach-update-thousands-institutions-impacted-a-1200
  20. https://today.westlaw.com/Document/Iabc6ed4db9ba11ee8921fbef1a541940/View/FullText.html?contextData=%28sc.Default%29&transitionType=CategoryPageItem
  21. https://www.lexology.com/library/detail.aspx?g=3208c789-1c13-404c-82b7-cb7d1e3bbe9e
Breach Submission Date Nov 08, 2022
Converted Entity Name Heartland Alliance
Converted Entity Type Business Associate
State IL
Individuals Affected 46,694
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes