Rheumatology Associates of Baltimore Data Breach Affects 28,968 Patients

On April 11, 2025, Rheumatology Associates of Baltimore, LLC (RAB) was notified by its third-party software vendor, Endue Software, of a data security incident that may have impacted the personal information of 28,968 individuals, including patients of the practice. The incident was first discovered by Endue on February 17, 2025, when the company detected potential unauthorized access to certain systems.

Further investigation revealed that a cybersecurity event had occurred, allowing an unauthorized actor to access and copy files from Endue’s internal systems during a brief period on February 16, 2025.

As a result of this breach, a range of sensitive data was exposed, including full name, address, Social Security number, date of birth, and/or medical record number.

The breach was officially reported to the U.S. Department of Health and Human Services on April 21, 2025, and is listed on the HHS breach portal. RAB has also posted a detailed notice and resources for affected individuals on their official website.

Rheumatology Associates of Baltimore's response

In response to the breach, Endue immediately secured its environment and launched a thorough investigation to determine the scope and nature of the incident. They are currently mailing notification letters to affected individuals for whom they have valid mailing addresses. RAB and Endue are providing a dedicated assistance line at 1-833-998-5748 and have published detailed guidance for those impacted.

If you may be affected, it is important to take proactive steps to protect your identity and personal information. Recommended actions include:

• Monitoring your credit reports for any suspicious activity. You are entitled to one free credit report annually from each of the three major credit bureaus (Equifax, Experian, and TransUnion). Visit Annual Credit Report or call 1-877-322-8228.
• Considering placing a fraud alert or credit freeze on your credit file. Fraud alerts require businesses to verify your identity before issuing new credit. Credit freezes restrict access to your credit report, making it harder for identity thieves to open accounts in your name.
• Reviewing the detailed steps and contact information for the credit bureaus, as well as additional resources provided by the Federal Trade Commission and your state’s Attorney General, as outlined in the official notice.
• If you notice any signs of identity theft or fraud, file a report with law enforcement and the Federal Trade Commission at IdentityTheft.gov.

For more information, you can review the full notice and resources posted on the Rheumatology Associates of Baltimore data breach information page.