Cyber Incident Victim: Family Practice Center
Date: Oct 2021
Location: United States of America
Summary
A healthcare provider experienced a cybersecurity incident involving unauthorized access to patient information, including names, addresses, medical insurance details, and treatment-related data, with a limited subset of individuals’ Social Security numbers also compromised. While medical records remained unaffected, the organization engaged independent cybersecurity experts to bolster protections and initiated written notifications to potentially impacted individuals. A dedicated call center was established to address patient inquiries regarding the breach and mitigation steps.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |

| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Family Practice Center (FPC) experienced a cybersecurity incident involving unauthorized access to patient information, discovered on or around October 11, 2021. The breach exposed sensitive personal and health-related data, though FPC confirmed patient medical records were not compromised. Affected information included patient names, addresses, medical insurance details, and health/treatment information. A limited subset of individuals also had Social Security numbers exposed. FPC conducted an investigation but found no evidence that the accessed information had been misused. The organization delayed full notification until June 30, 2022, when it finalized current address information for impacted individuals to facilitate written communications. The incident did not disrupt clinical operations or compromise core medical record systems, but it created potential risks of identity theft or insurance fraud for affected patients.

In response, FPC engaged independent cybersecurity professionals immediately after discovery to strengthen protections and prevent future unauthorized disclosures. The organization initiated a notification campaign by mail to all potentially impacted individuals, detailing the nature of the breach and recommended protective steps. FPC established a dedicated toll-free call center operational Monday through Friday from 9:00 a.m. to 9:00 p.m. Eastern Time (1-833-909-4308) to address patient inquiries. Notification letters included specific guidance for monitoring personal information, particularly for those whose Social Security numbers were exposed. The breach response focused on transparency and risk mitigation, though FPC did not disclose technical details about the attack vector or the duration of unauthorized access prior to detection. All containment and remediation efforts were completed internally without regulatory penalties or publicized legal actions stemming from the incident.
