Heartland Health Center, a Nebraska-based nonprofit and Federally Qualified Health Center (FQHC), suffered a ransomware attack by the MEDUSA group in February 2025. Unauthorized actors breached its network, exposing highly sensitive personal and medical data of patients and employees. The compromised information included Social Security numbers, driver’s license numbers, financial account details, full medical records (diagnoses, treatments, insurance data), Medicare/Medicaid numbers, and biometric identifiers like full-face photos. The breach was confirmed in June 2025, with notifications sent to affected individuals in October 2025. This incident followed a prior LockBit ransomware attack in May 2024, highlighting systemic vulnerabilities. The exposure of such comprehensive data poses severe risks of identity theft, financial fraud, medical fraud, and long-term reputational harm to the organization and its stakeholders. Heartland offered 12 months of credit monitoring, but the scale of the breach suggests potential legal liabilities and regulatory penalties.
Source: https://www.claimdepot.com/investigations/heartland-health-center-data-breach-2025
TPRM report: https://www.rankiteo.com/company/heartland-health-center-inc
"id": "hea3492634102425",
"linkid": "heartland-health-center-inc",
"type": "Ransomware",
"date": "5/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'healthcare (Federally Qualified Health '
'Center)',
'location': 'Douglas County, Nebraska, USA',
'name': 'Heartland Health Center',
'type': 'nonprofit healthcare provider'}],
'attack_vector': 'network intrusion (details unspecified)',
'customer_advisories': ['Notification letters sent to affected individuals '
'(starting 2025-10-17)',
'Offer of 12 months of complimentary credit '
'monitoring and identity theft protection'],
'data_breach': {'data_encryption': True,
'data_exfiltration': True,
'personally_identifiable_information': ['name',
'Social Security '
'number (SSN)',
'date of birth',
'driver license '
'number',
'financial account '
'number',
'username and access '
'information '
'(non-financial '
'accounts)',
'full face photo',
'certificate/license '
'number'],
'sensitivity_of_data': 'high (includes SSN, medical records, '
'financial account numbers)',
'type_of_data_compromised': ['personally identifiable '
'information (PII)',
'protected health information '
'(PHI)',
'financial information']},
'date_detected': '2025-02-04',
'date_publicly_disclosed': '2025-10-17',
'description': 'Heartland Health Center, a nonprofit Federally Qualified '
'Health Center (FQHC) in Nebraska, suffered a ransomware '
'attack by the MEDUSA group in February 2025. Unauthorized '
'parties accessed the organization’s network on February 4, '
'2025, exposing sensitive personally identifiable information '
'(PII) and protected health information (PHI). The breach was '
'confirmed by June 3, 2025, and affected individuals were '
'notified starting October 17, 2025. This incident follows a '
'prior ransomware attack by LockBit in May 2024.',
'impact': {'brand_reputation_impact': 'high (potential loss of trust due to '
'repeated breaches)',
'data_compromised': True,
'identity_theft_risk': 'high (PII and PHI exposed)',
'legal_liabilities': 'potential (class action lawsuits initiated '
'by Shamis & Gentile P.A.)',
'payment_information_risk': 'moderate (financial account numbers '
'exposed)'},
'initial_access_broker': {'high_value_targets': ['patient medical records',
'PII',
'financial data']},
'investigation_status': 'completed (as of 2025-06-03)',
'motivation': 'likely financial (ransom demand) and data exfiltration',
'ransomware': {'data_encryption': True,
'data_exfiltration': True,
'ransomware_strain': 'MEDUSA'},
'recommendations': ['Enroll in free credit monitoring services '
'(TransUnion/Cyberscout)',
'Monitor credit reports for unfamiliar activity',
'Review healthcare/financial statements for unauthorized '
'charges',
'Place fraud alert/security freeze on credit files',
'Report suspicious activity to financial institutions/law '
'enforcement',
'File reports with FTC and state Attorney General if '
'identity theft is suspected',
'Keep healthcare providers updated with current '
'information'],
'references': [{'source': 'Shamis & Gentile P.A. (Class Action '
'Investigation)'}],
'regulatory_compliance': {'legal_actions': ['potential class action lawsuit '
'(led by Shamis & Gentile P.A.)']},
'response': {'communication_strategy': ['notification letters to affected '
'individuals (starting 2025-10-17)',
'public advisory via Shamis & Gentile '
'P.A.'],
'incident_response_plan_activated': True,
'remediation_measures': ['complimentary credit monitoring (12 '
'months)',
'identity theft protection services'],
'third_party_assistance': ['TransUnion (credit monitoring)',
'Cyberscout (identity theft '
'protection)']},
'threat_actor': 'MEDUSA ransomware group',
'title': 'Heartland Health Center Ransomware Attack and Data Breach (2025)',
'type': ['ransomware attack', 'data breach']}