Tens of Thousands of Residents Affected HCF Management Cyberattack
More than 57,000 residents of HCF Management-operated long-term care facility residents have been notified that their data has been stolen in a hacking incident, and a mismailing incident has affected a limited number of Alliant Health Plans members.
More than 57,000 Residents of HCF Facilities Affected by Data Breach
HCF Management Inc., a Lima, OH-based company that manages 31 long-term care facilities in Ohio and Pennsylvania has announced that hackers gained access to its network and the data of residents of multiple long-term care facilities. HCF Management said the intrusion was detected on October 3, 2024; however, the forensic investigation confirmed that its network was infiltrated on September 17, 2024. Immediate action was taken to prevent further unauthorized access, and a third-party computer forensics firm was engaged to investigate the incident and determine the nature and scope of the unauthorized activity.
On November 19, 2024, HCF Management confirmed that the hacker had exfiltrated files containing residents’ information. The types of data involved varied from individual to individual and may have included some or all of the following: names, addresses, phone numbers, dates of birth, Social Security numbers, medical treatment information, and health insurance information. Notification letters are being mailed to the affected individuals and complimentary identity theft protection services have been offered to individuals whose Social Security numbers were involved, although there are no indications at this stage that any of the stolen data has been misused. HCF Management said it is implementing additional technical security measures and security policies to prevent similar incidents in the future.
Based on the breach reports submitted to the HHS’ Office for Civil Rights (OCR), it appears that 23 of HCF Management’s 31 care facilities have been affected, and up to 57,927 individuals had their protected health information exposed or stolen in the incident. Since each facility is reporting the breach separately, it is possible that some have yet to notify OCR about the data breach.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Affected Facilities
| Covered Entity | Care Facility | Individuals Affected |
| Ohio | ||
| Heritage Health Care | N/A | 12,162 |
| HCF of Shawnee Inc. | Shawnee Manor | 4395 |
| HCF of Findlay Inc. | Fox Run Manor | 3986 |
| HCF of Bowling Green, Inc. | Bowling Green Manor | 3500 |
| HCF of Court House Inc. | St. Catherine’s Manor of Washington Court House | 3012 |
| HCF of Piqua Inc. | Piqua Manor | 2969 |
| HCF of Perrysburg Inc. | Manor at Perrysburg | 2704 |
| HCF of Briarwood Inc. | Briarwood Village | 2650 |
| HCF of Washington Inc. | Court House Manor | 2489 |
| HCF of Fox Run Inc. | The Manor at Greendale | 2333 |
| HCF of Celina Inc. | Celina Manor | 2321 |
| HCF of Crestview Inc. | Village at the Greene | 1944 |
| HCF of Wapakoneta Inc. | Wapakoneta Manor | 1862 |
| HCF of Van Wert Inc. | Van Wert Manor | 1604 |
| HCF of Fostoria Inc. | St. Catherine’s Manor of Fostoria | 1253 |
| HCF of Roselawn Inc. | Roselawn Manor | 1208 |
| HCF of Garbry Ridge | Garbry Ridge | 512 |
| Pennsylvania | ||
| HCF of Hempfield Inc. | Hempfield Manor | 4744 |
| HCF of Fairview Inc. | Fairview Manor | 2935 |
| HCF of Edinboro Inc. | Edinboro Manor | 2844 |
| HCF of Warren Inc. | Warren Manor | 2709 |
| HCF of Corry Inc. | Corry Manor | 2620 |
| HCF of Sweden Valley Inc. | Sweden Valley Manor | 1768 |
| HCF of Bradford Inc. | Bradford Manor | 1565 |
Mis-mailing Incident Announced by Alliant Health Plans
Alliant Health Plans, a Dalton, GA-based health insurance company, has notified 695 plan members that some of their protected health information has been impermissibly disclosed to other health plan members. On November 19, 2024, Alliant discovered that a mailing of Welcome Letters to new members may have included a duplicate of that letter that was intended for another member.
The investigation identified the cause of the mis-mailing as a page number indicator on the mailing list, which resulted in more than one letter being included in each envelope. It took around one month for Alliant to definitively determine the individuals affected to allow notification letters to be sent. The information impermissibly disclosed was minimal. In each case, only the name and address of one member were disclosed to one other health plan member, as well as the letter indicating the individual was a member of the health plan. Individual notification letters were mailed to the affected individuals on January 17, 2025. Alliant has implemented additional cross-checking procedures to ensure similar incidents are prevented in the future.
