Ira L. Savetsky MD Data Breach: Sensitive PHI Exposed

Ira L. Savetsky, MD PLLC, a cosmetic plastic surgery practice based in New York City, disclosed a data breach that occurred over a period of more than a year. The practice is led by board-certified plastic surgeon Dr. Ira L. Savetsky and operates from an office at 737 Park Ave. in Manhattan.

An unauthorized party gained access to a single employee's email account within the practice's email environment, potentially obtaining data contained within it. The unauthorized access occurred sometime between November 2024 and January 2026, meaning the intrusion may have persisted undetected for more than a year.

After the incident was discovered, the practice investigated what data may have been compromised. On April 13, 2026, the practice completed its review and confirmed that protected health information belonging to certain patients was present in the compromised email account.

The exposed data included information that patients had emailed directly to the practice's office such as scheduling requests and other correspondence related to their care, first and last names, dates of birth, driver's licenses, medical records, medical health information, health insurance information, telephone numbers and photos.

The practice reported the breach to the Massachusetts Office of Consumer Affairs and Business Regulation on May 22, 2026. The practice also posted a notice on its website on May 12, 2026, to reach patients whose current mailing addresses could not be located.

The practice began sending notification letters to affected individuals on May 21, 2026.

Ira L. Savetsky MD's response to the breach

The practice encouraged affected individuals to remain vigilant by reviewing their credit reports and account statements for any suspicious activity or errors.

The notification letters also included detailed guidance on steps consumers can take to protect their information including fraud alerts, credit freezes and consumers' rights under the Fair Credit Reporting Act.

The practice has not offered credit monitoring or identity protection services to those affected by the breach. However, it has established a dedicated assistance line through TransUnion for people who have questions or concerns. The line can be reached at 1-800-405-6108, available Monday through Friday from 8:00 a.m. to 8:00 p.m. Eastern Time, excluding U.S. holidays.