
Harrisburg Medical Center Data Breach Investigation

The Lyon Firm is investigating data breach claims on behalf of current and former patients at Harrisburg Medical Center in Harrisburg, Illinois. According to a notice posted on the healthcare entity’s website, a hacking incident occurred almost a year ago, and the organization is just now alerting impacted individuals.

In most cases, hospitals and medical centers that suffer a cyberattack begin notifying impacted individuals within 60 to 90 days of a data breach. Why HMC waited almost a year is currently unknown, though our data breach lawyers are investigating.

By law, according to the HHS, “These individual notifications must be provided without unreasonable delay and in no case later than 60 days following the discovery of a breach and must include, to the extent possible, a brief description of the breach, a description of the types of information that were involved in the breach, the steps affected individuals should take to protect themselves from potential harm.”

What happened at Harrisburg Medical Center?

According to a notice reported to the office of the Maine Attorney General, 147,826 individuals may have had their personal data compromised in a network hacking incident.

In December 2022, HMC discovered unusual activity on its computer network and began an internal investigation. Harrisburg Medical Center completed an investigation of the data incident that may have involved the personal information of thousands of individuals. It was later concluded that an unknown third party may have accessed and acquired certain documents from the Harrisburg Medical Center systems from December 19, 2022, to December 23, 2022.

Harrisburg Medical Center says it began mailing data breach notification letters to those impacted on December 12, 2023. The personal information leaked varies by individual and may include Social Security number, date of birth, and clinical information, such as diagnosis/conditions, lab results, and prescription information. For a limited number of individuals, the documents may have also included health insurance information, driver’s license/state ID number, digital/electronic signature, and/or financial account number.

Anyone who is notified of a data breach should begin to take action. Individuals should remain vigilant to protect against potential fraud and medical identity theft. Contact our legal team to learn more about data theft events and to discuss possible legal action. We strongly believe any entity that collects and stores your data has a duty to properly protect it. Should they fail due to negligent security systems, a class action data breach lawsuit can be considered.