Belmont Surgery Data Breach Exposes Sensitive Health Information

Belmont Aesthetic & Reconstructive Plastic Surgery, a cosmetic and reconstructive surgery practice based in the Washington, D.C. area and Northern Virginia, disclosed a data breach that affected 528 individuals in the United States

The breach was disclosed to the U.S. Department of Health and Human Services on April 23, 2026. The specific dates on which the breach was discovered and when consumer notifications were sent have not been included in the available disclosures.

On March 3, 2026, the Insomnia ransomware group posted a claim on a dark web, stating that it had obtained data belonging to the organization.

The dark web posting appeared nearly two months before the practice filed its formal breach disclosure with federal regulators. No details were included in the posting about what specific types of information were taken or whether any stolen data has been published by the group.

Based on the practice's federal breach filing, the incident involved protected health information. Protected health information includes medical records, treatment histories, diagnoses, health insurance details and personal identifying information, although the specific categories of data exposed in this breach have not yet been confirmed.

Belmont Aesthetic & Reconstructive Plastic Surgery's response to the breach

At this time, limited information is publicly available about the specific steps the practice has taken in response to this incident.

People who have been patients of the practice should keep an eye out for any direct communications, such as notification letters sent by mail. Individuals who are concerned about the security of their personal or health information may also wish to contact the practice directly to ask about the breach and any protections being offered.

Steps to take if your information was exposed

• Monitor credit reports regularly by requesting free copies at AnnualCreditReport.com and reviewing them carefully for any unfamiliar accounts or suspicious activity.
• Consider placing a fraud alert or credit freeze with the three major credit bureaus: Equifax (1-800-525-6285), Experian (1-888-397-3742) and TransUnion (1-800-680-7289).
• Review health insurance statements carefully for any medical services, prescriptions or equipment that were not received, as this could be a sign of medical identity theft.
• Request copies of medical records from healthcare providers and review them for any inaccurate entries or unfamiliar treatments that could indicate someone has used your identity to receive care.
• Be cautious of phishing attempts that reference Belmont Aesthetic & Reconstructive Plastic Surgery or this data breach by name, including suspicious emails, phone calls or text messages that ask for personal information.
• Report any suspicious activity to the Federal Trade Commission at IdentityTheft.gov or by calling 1-877-438-4338.