The Maine Office of the Attorney General disclosed a data breach affecting the Boston University Framingham Heart Study on December 19, 2024, stemming from an incident on August 26, 2024. Unauthorized actors gained access to sensitive personal information of 6,835 individuals, including Social Security numbers, full names, and medical records. The exposed data poses significant risks of identity theft, financial fraud, and misuse of health information. In response, the affected individuals were offered 24 months of free credit monitoring and identity protection services through Experian IdentityWorks™. The breach highlights vulnerabilities in handling highly confidential research participant data, potentially eroding trust in the institution’s data security practices. No ransomware involvement was reported, but the scale and sensitivity of the compromised data elevate the severity of the incident.
TPRM report: https://www.rankiteo.com/company/framingham-heart-study
"id": "fra043091825",
"linkid": "framingham-heart-study",
"type": "Breach",
"date": "8/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 6835,
'industry': 'Healthcare / Academic Research',
'location': 'Framingham, Massachusetts, USA',
'name': 'Boston University Framingham Heart Study',
'type': 'Research Institution'}],
'customer_advisories': 'Credit monitoring services offered for 24 months via '
'Experian IdentityWorks™',
'data_breach': {'data_exfiltration': 'Yes (unauthorized access)',
'number_of_records_exposed': 6835,
'personally_identifiable_information': ['Social Security '
'numbers',
'names',
'medical information'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)']},
'date_detected': '2024-08-26',
'date_publicly_disclosed': '2024-12-19',
'description': 'The Maine Office of the Attorney General reported a data '
'breach involving the Boston University Framingham Heart '
'Study. The breach involved unauthorized access to personal '
'information affecting 6,835 individuals, including Social '
'Security numbers, names, and medical information. Credit '
'monitoring services were offered for 24 months via Experian '
'IdentityWorks™.',
'impact': {'data_compromised': ['Social Security numbers',
'names',
'medical information'],
'identity_theft_risk': 'High (PII and medical data exposed)'},
'references': [{'date_accessed': '2024-12-19',
'source': 'Maine Office of the Attorney General'}],
'regulatory_compliance': {'regulations_violated': ['Potentially HIPAA (Health '
'Insurance Portability and '
'Accountability Act)',
'State data breach '
'notification laws (e.g., '
'Maine)'],
'regulatory_notifications': ['Maine Office of the '
'Attorney General']},
'response': {'communication_strategy': 'Public disclosure via Maine Office of '
'the Attorney General; credit '
'monitoring offered to affected '
'individuals',
'third_party_assistance': ['Experian IdentityWorks™ (credit '
'monitoring)']},
'title': 'Data Breach at Boston University Framingham Heart Study',
'type': 'Data Breach'}