Call Us

Heritage Health Care Data Breach

Posted on behalf of Arnold Law Firm on February 12, 2025 in Data Breach
Updated on February 13, 2025

NOTICE: If you received a NOTICE OF DATA BREACH letter from Moses-Weitzman Health System, contact the Arnold Law Firm at (916) 777-7777 to discuss your legal options, or submit a confidential Case Evaluation form here.

On January 30, 2025, Moses-Weitzman Health System, Inc. (“M-W”) reported a significant cybersecurity incident to the Maine Attorney General’s Office. According to the notice, on October 14, 2024, an unauthorized party accessed consumers’ private and sensitive personal information stored in M-W’s system (the “Data Breach”). The Data Breach has impacted approximately 3,766 individuals.

In January 2025, M-W began sending data breach notification letters to those affected by the Data Breach. Each notification letter includes 24-month complimentary access to credit monitoring and identity restoration services provided by IDX. If you received a data breach notification letter or email from M-W, it indicates that your information was compromised in the Data Breach.

M-W is a healthcare system providing primary health services and is headquartered in Middletown, Connecticut. Established in 1972, the system assists healthcare providers that work with poor and diverse populations and delivers primary care to 2.5 million patients across the United States. With an annual revenue of approximately $15 million, M-W employs around 100 people.

WHAT INFORMATION IS INVOLVED IN THE HERITAGE HEALTH CARE DATA BREACH?

As indicated in M-W’s notification to the Maine Attorney General’s office, the information stolen in the Data Breach includes:

  • Full Name
  • Date of Birth 
  • Social Security Number
  • Health Insurance Information
  • Dependent Information

Collectively, this information is called your Personally Identifiable Information (“PII”). It tells others about you and is considered part of your identity. Businesses are required to secure this information or risk facing statutory penalties, among other legal penalties. Stolen PII can be used by identity thieves to engage in fraudulent activity using your identity. 

Personal medical information (a specific type of PII) is referred to as Protected Health Information (“PHI”). It is protected under both state and federal law. Healthcare providers and other businesses who handle PHI are required to protect that information. Like stolen PII, stolen PHI can be used by identity thieves to engage in fraudulent activity using your identity. Quite often, PII and PHI are used in conjunction by hackers.

The best way to protect yourself after a data breach is to sign up for credit and identity protection services as soon as possible. 

California offers extra protections and legal rights to its residents through the California Consumer Privacy Act (“CCPA”).

NOTICE: If you received a NOTICE OF DATA BREACH letter from Moses-Weitzman Health System, contact the Arnold Law Firm at (916) 777-7777 to discuss your legal options, or submit a confidential Case Evaluation form here.