Heartland Health Breach Exposes Social Security Numbers & Health Info

On Feb. 4, 2025, Heartland Health Center discovered it was the victim of a ransomware attack carried out by the MEDUSA group.

The attackers claimed responsibility on their dark web portal, stating they had obtained sensitive data and threatening to publish it within 11 to 12 days. Sample screenshots of the stolen data were also posted online.

Notably, this is not the first time Heartland Health Center has been targeted, as it previously suffered a LockBit ransomware attack on May 9, 2024.

The breach is significant in both scale and sensitivity. According to the disclosure filed with the Massachusetts Attorney General, at least one Massachusetts resident was affected. However, the full scope of the breach likely extends beyond this number, given the organization’s reach in Nebraska and surrounding areas.

The types of information exposed are extensive and include both personally identifiable information (PII) and protected health information (PHI). The compromised data may include: name, Social Security number, date of birth, driver license number, financial account number, username and access information for a non-financial account, date of medical service, medical diagnosis information, individual health insurance policy number, physician or medical facility information, medical condition or treatment information, medical record number, Medicare or Medicaid number, patient account number, certificate or license number, full face photo and referral.

The severity of this breach is heightened by the nature of the information accessed. The exposure of Social Security numbers, financial account details and medical records creates a risk of identity theft, financial fraud and medical identity theft. The MEDUSA ransomware group’s involvement and their public threats to leak data further elevate concerns for those affected.

For more information, see the public notice posted by Heartland Health Center.

Heartland Health Center's response

Upon discovering the unauthorized access, Heartland Health Center immediately engaged forensic consultants to investigate the incident, secure its systems and prevent further unauthorized access. The organization conducted a thorough review of the compromised files to determine the extent of sensitive information involved. By June 3, 2025, this review was completed, and affected individuals were identified.

Heartland Health Center has taken several steps to support those impacted:

• Individual notification letters were mailed to affected persons with valid addresses on Oct. 17, 2025
• A substitute notice has been posted for individuals who could not be reached directly
• Complimentary credit monitoring, cyber monitoring and identity theft protection services are available through TransUnion and Cyberscout for those impacted
• A dedicated call center is available at 833-426-5380, Monday through Friday, 8 a.m. to 8 p.m. Eastern Time

Given the nature of the breach, it is strongly recommended that affected individuals:

• Enroll in the complimentary credit and cyber monitoring services provided
• Regularly review statements from healthcare providers, insurance companies, banks and credit card issuers for unfamiliar activity
• Order a free annual credit report and check for unauthorized accounts or inquiries
• Place a fraud alert or security freeze on credit files if concerned about identity theft
• Immediately report any suspicious or fraudulent activity to relevant institutions and law enforcement