Jacksonville Medical Care Data Breach Affects 6,262 Patients

On January 26, 2025, Jacksonville Medical Care (JMC), the largest family practice group in Central Arkansas, discovered a significant data breach affecting the personal and health information of 6,262 individuals. According to the official notice and federal filings, the breach occurred over a short window between January 25 and January 26, 2025, when unauthorized access to certain files on JMC’s network was detected. The organization quickly launched an investigation with the help of independent cybersecurity experts.

The investigation revealed that cybercriminals accessed or acquired files containing a range of sensitive information. The types of consumer information exposed included names, dates of birth, Social Security numbers (personally identifiable information or PII), as well as diagnosis or treatment information and other health-related details (protected health information or PHI).

After a thorough review of the compromised files, Jacksonville Medical Care concluded its investigation in March 2025. The company began mailing notification letters to affected individuals on April 9, 2025. The breach was also reported to the U.S. Department of Health and Human Services on April 10, 2025, and details can be found on the HHS Breach Portal. The company’s own Notice of Data Incident provides further information.

Jacksonville Medical Care's response

In response to the breach, Jacksonville Medical Care took immediate action by engaging cybersecurity professionals to investigate and contain the incident. The organization reviewed all potentially impacted files to identify affected individuals and mailed direct notifications to those with available addresses. JMC also enhanced its security measures to reduce the risk of similar incidents in the future.

For those affected, JMC established a toll-free call center—available Monday through Friday from 8:00 a.m. to 8:00 p.m. Eastern Time at 1-833-998-8995—to answer questions and provide support.

The company’s notice outlines several steps individuals can take to protect their information:

• Remain vigilant by reviewing account statements and credit reports for suspicious activity.
• Consider placing a fraud alert or security freeze on your credit file with the major credit bureaus.
• Obtain a free credit report annually from each of the three major credit reporting agencies.
• Report any suspected identity theft to law enforcement, the Federal Trade Commission, or your state attorney general.

The notice also provides resources and information about rights under the Fair Credit Reporting Act (FCRA), as well as contact information for the credit bureaus and instructions for placing fraud alerts or security freezes.

Given the nature of the breach—which involved both PII and PHI—affected individuals should take these recommendations seriously. Monitoring your financial and medical accounts for unusual activity is especially important in the weeks and months following this type of incident.

For more information, you can visit the Jacksonville Medical Care website.