Cyber Incident Victim: Heart South Cardiovascular Group
Date:
Nov 2025
Location:
United States of America
Summary
Heart South Cardiovascular Group discovered that an unauthorized party claimed access to its data and later determined that a malicious actor had uploaded the information to the dark web, potentially exposing names, emails, phone numbers, birth dates, and Social Security numbers. Edelson Lechtzin LLP is investigating the incident to assess potential class action claims on behalf of affected individuals.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 0 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On November 11, 2025, Heart South Cardiovascular Group became aware of an unauthorized party claiming to possess some of its data. The organization subsequently learned, according to a filing with the Maine Attorney General, that an unauthorized party claimed access to certain information. Following an internal investigation, Heart South Cardiovascular Group determined that a malicious actor had recently uploaded its data to the dark web. The exposed data may include personal details such as names, email addresses, phone numbers, birth dates, and Social Security numbers. Heart South Cardiovascular Group provides advanced minimally invasive heart and vascular care in Central Alabama.
In response to the incident, Edelson Lechtzin LLP, a national class action law firm, began investigating data privacy claims arising from the breach. The firm is pursuing a class action seeking legal remedies for individuals whose sensitive personal data may have been compromised. The law firm has made contact information available for affected individuals to speak with a data privacy attorney regarding the incident. The press release announcing the investigation was distributed on April 7, 2026. Edelson Lechtzin LLP maintains offices in Pennsylvania and California.