Cyber Incident Victim: Framingham Heart Study
Date: Aug 2024
Location: United States of America
Summary
The Boston University Framingham Heart Study experienced an external system breach compromising personal identifiers of 6,835 individuals, including two Maine residents. The unauthorized access was discovered shortly after the incident occurred, prompting written notifications to affected individuals and offers of 24 months of credit monitoring services through Experian. The organization attributed the incident to hacking and confirmed no prior breaches within the preceding year.
Description
The Boston University Framingham Heart Study experienced an external system breach involving hacking on August 26, 2024. The incident compromised personal information belonging to 6,835 individuals, including two Maine residents. Boston University discovered the breach on September 8, 2024, thirteen days after the unauthorized access occurred. The compromised data included names combined with other personal identifiers, though the specific types of additional identifiers were not detailed beyond this categorical description. No information was provided about the technical methods used by the attackers or the specific systems targeted within the Framingham Heart Study infrastructure. The breach notification submitted to Maine authorities did not indicate whether the incident involved ransomware, malware, or other specific attack vectors beyond the broad classification of hacking.

Boston University's Associate General Counsel Kayla Tabela submitted the breach notification on behalf of the Framingham Heart Study. Affected individuals received written notifications on December 13, 2024, approximately four months after the breach discovery. The university offered 24 months of complimentary credit monitoring services through Experian to impacted persons as a protective measure. No prior breach notifications had been issued by the entity within the preceding twelve-month period. The notification letter for Maine residents referenced in the filing included "SSN" in its filename, suggesting Social Security numbers may have been among the compromised identifiers, though the breach description did not explicitly confirm this detail. The institutional response focused on post-breach consumer protection rather than public disclosure of technical remediation steps or system security enhancements.
