Subscribe To Our Newsletter

This field is for validation purposes and should be left unchanged.

Heart Care Centers of Illinois Data Breach

Heart Care Centers of Illinois says a phishing attack gave an unauthorized party access to an employee’s email account from August 2024 to November 2024, exposing patient names, Social Security numbers, financial data, and detailed medical information. Notices went out in July 2026.

Heart Care Centers of Illinois
Date of Breach: August 22, 2024
CAU logo

Who was affected:

Clients of Heart Care Centers of Illinois

Impacted Data:

Names, mailing addresses, Social Security numbers, dates of birth, driver’s license or state ID numbers, payment card information, financial account numbers, passport numbers, medical and treatment information, prescription information, health insurance information, provider information, phone and fax numbers

Heart Care Centers of Illinois (HCCI), a cardiology practice based in Palos Park, Illinois, has notified employees and patients that a phishing attack led to unauthorized access to an employee’s email account, exposing a wide range of personal, financial, and medical information. HCCI says it has no evidence that any of the exposed information has actually been misused.

Medical practices hold an unusually sensitive mix of information, financial account numbers alongside diagnosis and treatment records, which makes a single compromised email account potentially far more damaging than it would be at a typical business. When that responsibility isn’t met, the patients and employees whose information was exposed are the ones left to manage the fallout.

Heart Care Centers of Illinois’s Data Breach Investigation

According to HCCI’s public notice, the incident began when an employee’s email account was compromised through a phishing attack. HCCI states that it discovered the issue on January 15, 2026, while investigating an unrelated, unsuccessful phishing attempt. That investigation uncovered evidence of historical suspicious activity connected to the same employee account, prompting HCCI to bring in third-party forensic specialists to determine what had actually happened.

The forensic investigation determined that the phishing attack had, in fact, succeeded much earlier: the unauthorized party had access to the employee’s email account from August 22, 2024 through November 6, 2024, a window of roughly two and a half months. Because the compromise went undetected for over a year, HCCI then had to engage a separate third-party data analytics firm to conduct a detailed review of everything in that email account to determine what personal information was present and whom it belonged to. That review was not completed until June 11, 2026, nearly a year and a half after the unauthorized access first began.

Phishing remains one of the most common ways attackers gain an initial foothold inside a healthcare organization’s systems, precisely because it targets employees rather than technical vulnerabilities in software. A single successful phishing email that compromises one employee’s inbox can expose everything that ever passed through that account, including messages the employee received from patients, insurers, billing vendors, and colleagues over months or years, which is exactly the pattern HCCI describes here.

The delay between the compromise itself (2024) and public notification (2026) illustrates a recurring challenge in email-based breaches specifically: unlike a breach of a structured database, where investigators can often quickly identify exactly which records were accessed, an email account can contain an enormous, disorganized mix of attachments, forwarded messages, and correspondence spanning years. Determining precisely which individuals and which data elements were exposed inside that mailbox is a labor-intensive process, which is part of why HCCI’s review took as long as it did even after the initial compromise was identified.

The specific combination of data HCCI says may have been exposed, including Social Security numbers, driver’s license numbers, payment card and financial account information, and detailed medical and prescription records, is especially valuable on the black market. That mix enables not just conventional identity theft and credit fraud, but medical identity theft, where a criminal uses a victim’s insurance information to obtain treatment, and even targeted phishing or extortion attempts built around real details of a person’s medical history.

HCCI began mailing notification letters to potentially affected individuals on July 10, 2026, and has offered complimentary credit monitoring and identity restoration services through Epiq to those impacted, with an enrollment deadline of October 31, 2026.

When Did This Breach Occur?

HCCI says the unauthorized access to the employee email account occurred between August 22, 2024 and November 6, 2024. The compromise was not discovered until January 15, 2026, when HCCI was investigating a separate, unsuccessful phishing attempt and found evidence of the earlier historical activity. A follow-up review to determine exactly what information was affected was completed on June 11, 2026, and notification letters began going out to potentially impacted individuals on July 10, 2026.

What Information Was Breached?

HCCI states that the information potentially exposed varies by individual, but may include any of the following: name, mailing address, Social Security number, date of birth, driver’s license or state identification number, payment card information, financial account number, passport number, medical information (including treatment, condition, and diagnosis details), prescription information, health insurance information, provider information, and telephone and fax numbers. This is an unusually broad mix of financial and medical data for a single incident.

What You Can Do

HCCI is offering complimentary credit monitoring and identity restoration services through Epiq to potentially affected individuals, with enrollment available through October 31, 2026. If you received a notice from HCCI, you should enroll in these services promptly and follow any additional instructions in your letter. You should also:

  • Review bank and credit card statements for unauthorized charges
  • Check your credit reports for new accounts you don’t recognize
  • Monitor health insurance statements (Explanation of Benefits) for services you never received
  • Consider a credit freeze or fraud alert with the major credit bureaus
  • Be alert for follow-up phishing attempts referencing this incident directly

File a Data Breach Lawsuit Against Heart Care Centers of Illinois

If you received a notice that your personal or medical information was exposed in the Heart Care Centers of Illinois data breach, you may be entitled to compensation. Healthcare providers have a legal responsibility to protect the sensitive information entrusted to them, and when that responsibility is not met, affected patients and employees can have legal recourse.

Contact us at Class Action U, where we’ll connect you with a lawyer skilled in class action lawsuits. If you’ve been contacted about this breach, received notice, or discovered you were impacted, fill out our quick, easy, and secure form to sign up. There is no cost to reach out to our legal partner and no obligation after speaking with someone from our team.

Subscribe To Our Newsletter

New cases and investigations, settlement deadlines, and news straight to your inbox.

This field is for validation purposes and should be left unchanged.
Other Data Breaches
Date of Breach: November 24-26, 2025 (discovered November 26, 2025; notification sent July 8, 2026)
Date of Breach: August 22, 2024
Date of Breach: January 31, 2025
Related News

Frequently Asked Questions

A data breach occurs when sensitive, confidential, or protected information is accessed, stolen, or disclosed without authorization. Data breaches often occur through phishing emails, malware, weak passwords, insider threats, or unsecured databases. Indicators of a data breach can include unexpected password resets, suspicious account activity, unauthorized transactions, or notifications from companies about compromised information.If you suspect your data has been compromised, you must take measures and act quickly. Change passwords, enable two-factor authentication, review your financial accounts for unusual activity and consider freezing your credit.

Once stolen, your personal information may be sold on the dark web or used for identity theft and financial fraud. In some cases, hackers use the data to extort companies or launch further attacks. Victims often face long-term risks, including damage to credit and privacy.

If you receive a data breach notification, don’t ignore it. Immediately change passwords for the affected account and any others that share credentials. Enroll in any free credit monitoring services offered and monitor financial statements closely.

To pursue a data breach claim, you’ll need documentation showing your information was compromised and proof of resulting harm, such as fraudulent charges, credit score damage, or identity theft reports. Notification letters, financial records, and communication with the breached company can help support your claim.

Yes. If a company fails to protect consumer data or delays notifying victims, it may be held liable under state and federal privacy laws. Many victims join class action lawsuits to recover financial losses and hold negligent organizations accountable.

Data breach settlements vary widely depending on the size of the breach, type of data compromised, and damages suffered by victims. Payouts may include cash compensation, identity theft protection, or reimbursement for losses. Many settlements range from a few hundred to several thousand dollars per person. A skilled data breach lawyer can guide victims through the complex legal process, ensuring their rights are protected. If you’ve received a data breach notification or believe your personal data was exposed, you may be eligible for compensation. Contact Class Action U to learn more about how to join a data breach lawsuit and understand the process of filing.