Keys Pathology Associates Data Breach Affects up to 20K People

Keys Pathology Associates, a Florida-based provider of anatomic and clinical pathology services, recently disclosed a significant data breach that affected 13,756 to 20,000 individuals across the United States, according to various sources. The incident stemmed from a cyberattack on Genesis Billing Services Inc., a third-party vendor that Keys Pathology Associates used to host patient billing data.

On May 27, 2025, Genesis notified Keys Pathology Associates that an unknown threat actor had accessed the server hosting their patient data without authorization around May 20, 2025. According to Genesis, the attacker downloaded all of Genesis’s files and then encrypted the entire system in what appears to be a ransomware event.

Genesis reported the incident to federal law enforcement and began working to identify affected patients. However, the process was complicated by the fact that the data was stored in an unstructured format. It was not until Aug. 21, 2025, that Keys Pathology Associates was able to begin deciphering the names and contact information of potentially affected patients. The company then worked to notify individuals whose information was included in the compromised server.

The types of information exposed in this breach are extensive and include both personally identifiable information (PII) and protected health information (PHI): names, addresses, Social Security numbers, member identification numbers, dates of birth, health insurance information, phone numbers, driver’s license numbers and health information.

The exposure of this combination of sensitive data increases the risk of identity theft and medical fraud for those affected.

The breach was reported to several state and federal agencies. The Maine Attorney General’s website lists 26 Maine residents affected, while Massachusetts reported 79, Montana reported 11 and New Hampshire reported 26. The U.S. Department of Health and Human Services was also notified, as the breach involved protected health information.

Keys Pathology Associates's response

In response to the breach, Keys Pathology Associates took several steps to address the incident and protect affected individuals. The company immediately terminated its relationship with Genesis Billing Services to reduce the risk of a similar incident occurring in the future. Recognizing the severity of the breach and the sensitivity of the information involved, Keys Pathology Associates is offering affected individuals complimentary single-bureau credit monitoring, credit report and credit score services provided by Cyberscout, a TransUnion company specializing in fraud assistance and remediation.

Individuals affected by the breach are encouraged to enroll in the free identity protection services within 90 days of receiving their notification letter. The services include credit monitoring and proactive fraud assistance. Affected individuals can enroll by visiting https://bfs.cyberscout.com/activate or by calling 1-833-426-7791.

Given the nature of the information exposed, it is important for affected individuals to remain vigilant by reviewing account statements and monitoring their credit reports for suspicious activity. Placing a fraud alert or security freeze with the major credit bureaus is also recommended. The notification letters provided detailed instructions on how to take these steps, as well as contact information for state and federal agencies that can assist with identity theft concerns.