Heart of America Medical Center 2025 Data Breach

Heart of America Medical Center Breach (2025): 2.1 Million Patient Records Including Medical Diagnoses & SSN | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

MedicalEmail AddressFull NameMedical DiagnosisPhone NumberPhysical AddressSocial Security Number
Low SeverityWebsite / service breach

Heart of America Medical Center Breach (2025): 2.1 Million Patient Records Including Medical Diagnoses & SSN

Community hospital and healthcare provider in North Dakota.

Verified by ObscureIQ Intelligence
0/100Breach Risk Index
63Data Value
40Market Recency
214dSince Breach

Breach Intelligence Summary

Entity: Heart of America Medical Center · Actor: Unknown · Sources: 2 references
Attack: Unknown
Profile: Healthcare provider · Hospital and clinical services · Regional medical center · USA
Timeline: Breach (2025-07-17) · Indexed (Sep 25, 2025) · Year (2025)
Exposure: 2.1M records · 6 fields: Email Address, Full Name, Medical Diagnosis, Phone Number, Physical Address, Social Security Number
Status: Reported

Executive Summary

Heart of America Medical Center, a rural community hospital in Rugby, North Dakota, suffered a data breach that compromised the personal and medical information of 2,136,993 individuals. The breach was reported in September 2025. The attack vector has not been publicly disclosed. The scale of the breach far exceeds the hospital's local patient population, suggesting the exposed data extended to historical records or regional data holdings beyond current active patients. The breach exposed a combination of names, home addresses, email addresses, phone numbers, Social Security numbers, and medical diagnosis information. This is among the most sensitive categories of personal data. Social Security numbers enable identity theft and fraudulent credit applications. Medical diagnosis records can be used to target individuals with health-related scams, manipulate insurance claims, or cause personal harm if disclosed. Affected individuals face compounding risks because both financial and medical fraud are possible from a single breach event. No major class-action settlement has been documented as of early 2026. The hospital notified affected individuals and reported the breach to relevant regulators, as required under federal health privacy law (HIPAA). Anyone who has received care at or affiliated with Heart of America Medical Center should monitor their credit reports, review their health insurance statements for unfamiliar claims, and consider placing a fraud alert or credit freeze with the major credit bureaus.

ObscureIQ assessment: Severe risk of medical fraud, identity theft, and targeted health-related scams. Hospital data can also expose sensitive diagnoses or treatment relationships.

Breach Impact

In September 2025 reports confirmed a data breach at Heart of America Medical Center had compromised the personal and medical information of more than 2.1 million individuals. The exposed data included names, email addresses, phone numbers, home addresses, Social Security numbers, and medical diagnoses — a scope that far exceeds the local patient population and suggests the breach extended to historical or regional data holdings beyond active patients. The hospital notified affected individuals and reported the incident to relevant regulators. No major class-action settlement has been documented as of early 2026.

About Heart of America Medical Center

Heart of America Medical Center is a community hospital and healthcare provider located in Rugby, North Dakota, serving a rural patient population in the north-central part of the state. The facility provides inpatient and outpatient services including emergency care, surgical services, and primary care for communities across a broad geographic area where access to alternative healthcare facilities is limited.

Why They Hold Your Data

Regional medical centers collect patient identity, insurance, financial, and clinical data across hospital, outpatient, and administrative systems.

Recent Developments

Heart of America Medical Center operates as an independent rural community hospital. No major organizational changes have been publicly reported beyond the 2025 breach and its aftermath.

Data Points Exposed

6 verified field types
Email Address
Full Name High
Medical Diagnosis Critical
Phone Number
Physical Address High
Social Security Number Critical

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:Critical
Primary downstream threats:
  • Identity theft and synthetic identity construction using government-issued IDs
  • SIM swap attacks where phone numbers are present
  • Targeted phishing campaigns using exposed email addresses
  • Doxxing risk from physical address exposure
  • Medical identity fraud or insurance abuse using health data
Threat vectors:
  • Phishing, credential stuffing & account takeover
  • Name-based social engineering
  • Medical extortion, insurance fraud & discrimination
  • SIM swapping, vishing & SMS phishing
  • Physical stalking, mail fraud & identity verification
  • Home targeting, stalking & physical threat
  • Full identity theft & synthetic identity fraud

Recommended Actions

If you believe your information may be included:

Protect Your ID Documents
Government-ID exposure enables document fraud — monitor and report misuse.
IdentityTheft.gov
Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Find 2FA settings
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.
IdentityTheft.govReport to FTC

Frequently Asked Questions

What happened in the Heart of America Medical Center breach?

Heart of America Medical Center, a rural community hospital in Rugby, North Dakota, suffered a data breach that compromised the personal and medical information of 2,136,993 individuals. The breach was reported in September 2025. The attack vector has not been publicly disclosed. The scale of the…

What data was exposed?

Verified fields include Email Address, Full Name, Medical Diagnosis, Phone Number, Physical Address, Social Security Number.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index
DataBreach.com
Record & field corroboration
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation