Health Resources in Action, Inc.

Health Resources in Action, Inc. suffered a data breach where unauthorized actors gained access to an email account and SharePoint files between **March 29, 2024, and April 24, 2024**. The incident exposed the **personal information of 3 individuals**, including **Social Security numbers (SSNs)**, a highly sensitive data type often targeted for identity theft. While the breach was limited in scale (affecting only three people), the exposure of SSNs elevates the risk of long-term harm, such as financial fraud or identity misuse. In response, the company offered **24 months of identity theft protection services via Experian** to mitigate potential damages. The breach did not involve ransomware, mass customer data leaks, or operational disruptions, but the compromise of **employee or associated individuals' SSNs** suggests internal data exposure with significant privacy implications. The incident highlights vulnerabilities in email and file-sharing systems, which are common entry points for cyber intrusions.

Source: https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/cf2a65b9-c0a7-41dc-8886-8698f32a6b7a.shtml

TPRM report: https://www.rankiteo.com/company/health-resources-in-action

"id": "hea719082025",
"linkid": "health-resources-in-action",
"type": "Breach",
"date": "3/2024",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"

{'affected_entities': [{'customers_affected': '3 individuals',
                        'industry': 'Healthcare/Public Health',
                        'name': 'Health Resources in Action, Inc.',
                        'type': 'Non-profit Organization'}],
 'attack_vector': 'Unauthorized Access (Email & SharePoint)',
 'customer_advisories': 'Identity theft protection services offered for 24 '
                        'months via Experian',
 'data_breach': {'number_of_records_exposed': '3',
                 'personally_identifiable_information': ['Social Security '
                                                         'numbers'],
                 'sensitivity_of_data': 'High (SSNs included)',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information (PII)']},
 'description': "The Maine Attorney General's Office reported that Health "
                'Resources in Action, Inc. experienced a data breach involving '
                'unauthorized access to an email account and SharePoint files '
                'from March 29, 2024, to April 24, 2024. The breach '
                'potentially affected the personal information of 3 '
                'individuals, including Social Security numbers. Identity '
                'theft protection services were offered for 24 months through '
                'Experian.',
 'impact': {'data_compromised': ['Social Security numbers'],
            'identity_theft_risk': 'High (SSNs exposed)',
            'systems_affected': ['Email account', 'SharePoint files']},
 'references': [{'source': "Maine Attorney General's Office"}],
 'regulatory_compliance': {'regulatory_notifications': ['Maine Attorney '
                                                        "General's Office"]},
 'response': {'third_party_assistance': ['Experian (identity theft '
                                         'protection)']},
 'title': 'Health Resources in Action, Inc. Data Breach (March–April 2024)',
 'type': 'Data Breach'}