Jeffrey Lisiecki Data Breach Exposes Protected Health Information

Jeffrey Lisiecki MD PLLC, a private plastic surgery practice on the Upper East Side of Manhattan, New York City, disclosed a data breach that involved unauthorized access to an employee email account. The total number of individuals affected across the United States was not disclosed in available filings.

An investigation found that the employee email account had been accessed by an unauthorized party sometime between November 2024 and January 2026.

On April 19, 2026, the practice learned that protected health information belonging to affected individuals was present in the compromised email account. The exposed information had originally been emailed to the practice's office by patients.

The types of protected health information exposed included first and last names, scheduling information, dates of birth, medical health records and photos.

The breach was disclosed to the Massachusetts Office of Consumer Affairs and Business Regulation on May 22, 2026. The practice sent out otification letters to affected individuals were on May 21, 2026.

Jeffrey Lisiecki MD's response to the breach

The notification letter included general guidance on steps affected individuals can take to protect their information, such as placing fraud alerts, requesting credit freezes and monitoring credit reports through the three major credit bureaus. Affected individuals were also informed of their rights under the federal Fair Credit Reporting Act, including the right to access and dispute information in their credit files.

Affected individuals who have questions concerning the breach can reach a dedicated call center at 1-800-405-6108, available from 8 a.m. to 8 p.m. Eastern time, Monday through Friday, excluding U.S. holidays.

The practice can also be contacted by mail at 737 Park Ave., Suite 1C, New York, New York 10021.