.png)
Heartland Health Center Data Breach Investigation
Shamis & Gentile P.A., one of the nation's premier class action law firms specializing in data breach cases, is investigating the Heartland Health Center data breach.
If you were affected by the data breach, your sensitive personally identifiable information may have been exposed, and you may be eligible for compensation.
About Heartland Health Center
Heartland Health Center is a nonprofit based in Nebraska. The company serves the Douglas County area, with several facilities such as Heartland Community Health Center, Heartland Panda Pediatrics, River City Pharmacy and Bluestem Wellness.
Founded in the late 1990s, Heartland Health Center has grown from a small clinic in a church basement to a Federally Qualified Health Center (FQHC) recognized for its integrated, patient-centered care.
What Happened?
In February 2025, Heartland Health Center discovered it was the victim of a ransomware attack carried out by the MEDUSA group. On Feb. 4, 2025, unauthorized parties gained access to the organization’s network environment.
An investigation revealed that sensitive information may have been exposed. By June 3, 2025, a thorough review confirmed that certain personal and sensitive information was at risk. Heartland Health Center began notifying affected individuals on Oct. 17, 2025.
Information Exposed:
- Name
- Social Security number
- Date of birth
- Driver license number
- Financial account number
- Username and access information for a non-financial account
- Date of medical service
- Medical diagnosis information
- Individual health insurance policy number
- Physician or medical facility information
- Medical condition or treatment information
- Medical record number
- Medicare or Medicaid number
- Patient account number
- Certificate or license number
- Full face photo and referral
The cybersecurity incident was reported to the Massachusetts and Montana Attorney Generals' offices beginning on Oct. 21, 2025.
It is notable that Heartland Health Center previously experienced a ransomware incident involving LockBit in May 2024.
Your Rights and Next Steps
If you received a notification letter or believe your information may have been involved, there are important steps you can take to protect yourself. Heartland Health Center is offering complimentary credit monitoring and identity theft protection services through TransUnion and Cyberscout. These services are available for twelve months from the date of enrollment.
Recommended Actions:
- Enroll in the free credit monitoring services as soon as possible
- Monitor your credit reports for unfamiliar accounts or activity
- Review statements from healthcare providers, insurance companies and financial institutions for unauthorized charges or services
- Consider placing a fraud alert or security freeze on your credit file with the major credit bureaus
- Report any suspicious activity to your financial institutions, health plan, or local law enforcement
If you notice any discrepancies or suspect identity theft, you can file a report with the Federal Trade Commission and your state Attorney General’s office. Keeping your healthcare provider updated with your current information can also help prevent misuse of your records.
You May Be Entitled to Compensation
If your personal information was exposed in the Heartland Health Center data breach, you may be eligible for compensation. Lawyers are ready to help those affected by this incident understand their rights and pursue possible claims. Completing the below form is the first step toward joining a lawsuit and seeking compensation for any harm caused by this data breach.
.svg)