PracticeSuite Data Breach Impacts 13,000 Texans

PracticeSuite, Inc., a provider of cloud-based medical billing, revenue cycle management, and electronic health record software, experienced a significant data breach that impacted 13,353 individuals in the United States. The breach was discovered on October 18, 2024, and involved unauthorized access to sensitive consumer information.

The exposed data includes a wide array of personal and medical details:

• Full name
• Address
• Date of birth
• Phone number
• Email address
• Fax number
• Social Security number
• Driver’s license number
• Government-issued ID number (e.g., passport, state ID card)
• Financial information (e.g., account numbers, credit or debit card numbers)
• Patient ID and unique identifiers
• Certificate or license numbers
• Radiological tests, MRIs, and X-rays
• Medical information
• Health insurance information

The breach affected individuals across multiple states, with 13,000 impacted in Texas, one in Maine, and one in Massachusetts. The company notified affected individuals via written notice sent through U.S. mail on November 15, 2024.

The breach was disclosed to the Maine Attorney General's office on December 28, 2024. Additionally, the incident was reported to the Massachusetts Attorney General's office and is listed on the Texas Attorney General's website.

The breach is especially severe due to the breadth of sensitive information exposed, including Social Security numbers, medical records, and financial data.

While the exact method of the breach has not been disclosed, the scope of the compromised information highlights the potential for identity theft, financial fraud, and misuse of medical records.

PracticeSuite's response

After discovering the data breach on October 18, 2024, PracticeSuite, Inc. took steps to notify affected individuals and relevant authorities. Written notices were sent to consumers on November 15, 2024, detailing the breach and the types of information exposed. The company also reported the incident to attorney general offices in Maine, Massachusetts, and Texas.

While the company has not publicly disclosed additional measures taken to secure its systems or prevent future breaches, affected individuals are encouraged to review the notice provided for further details.

Affected by the PracticeSuite data breach?

If you have been notified by PracticeSuite, Inc. that your information was part of this breach, it is crucial to take immediate action to protect yourself. Here are the steps you should consider:

1. Monitor your financial accounts and credit reports: Regularly review your bank accounts, credit card statements, and credit reports for any unauthorized transactions or suspicious activity. You can obtain a free credit report from each of the three major credit reporting agencies (Equifax, Experian, and TransUnion) annually at AnnualCreditReport.com.
2. Place a fraud alert or credit freeze: A fraud alert notifies creditors to take extra steps to verify your identity before extending credit. A credit freeze restricts access to your credit report, making it harder for identity thieves to open accounts in your name.
3. Monitor your medical records: Since medical information was exposed, review your medical records and health insurance statements for inaccuracies or signs of fraud. Contact your healthcare provider or insurer if you notice any discrepancies.
4. Change passwords and enable two-factor authentication: If you use PracticeSuite's services, update your account password immediately. Use a strong, unique password and enable two-factor authentication for an added layer of security.
5. Be vigilant against phishing scams: Be cautious of unsolicited emails, phone calls, or messages requesting personal information. Scammers may use the stolen data to impersonate legitimate organizations.
6. Consider identity theft protection services: Some companies offer identity theft monitoring and recovery services that can help you detect and respond to fraudulent activity.