General Physician PC Data Breach Affects Patients

General Physician PC, a medical practice in New York, experienced a data breach that exposed both personally identifiable information (PII) and protected health information (PHI). On or about August 6, 2024 it was determined an unauthorized actor gained access to a GPPC email account between April 6, 2024, and June 12, 2024.

Compromised information includes full name, address, Social Security number, financial account information, date of birth, medical history information, mental and physical treatment information, diagnosis information, treating physician, medical record number, health insurance information, policy number, subscriber number, and group/plan number. The total number of affected individuals has not been released.

General Physician PC published a Notice of Data Privacy Event on its own website and began notifying individuals on June 25, 2025. The cybersecurity incident was disclosed to the Massachusetts Attorney General's office on June 27, 2025., reporting 59 Massachusetts residents affected by the data breach.

General Physician, P.C.’s response

General Physician, P.C. notified affected individuals and state and federal authorities as required by law. GPPC is offering free IDX credit monitoring and identity restoration services to impacted patients.

If you receive a notice from General Physician PC about this breach, you may want to:

• Sign up for the free IDX credit monitoring and identity restoration services offered.
• Monitor your credit reports and financial accounts for any unusual activity.
• Be alert for phishing emails or phone calls that may use your exposed information.
• Consider placing a fraud alert or credit freeze with major credit bureaus.

For more information about GPPC services and network, visit the General Physician PC website.