McEwen & Associates Reports Significant Data Breach

McEwen & Associates, a Texas-based medical practice support company that provides billing and management services to medical groups, experienced a major data breach. The breach was disclosed to the U.S. Department of Health and Human Services on Aug. 21, 2025, reported as a hacking incident.

The cybersecurity incident compromised both personally identifiable information (PII) and protected health information (PHI). The total number of affected individuals has not been released, but may include thousands of patients from hundreds of medical practices and facilities.

Exposed information may include names, addresses, dates of birth, Social Security numbers, medical records, health insurance details and payment information. The combination of the different types of personal and health data increases the risk of identity theft and medical fraud for impacted individuals.

McEwen & Associates' response

In addition to required state and federal disclosures, McEwen & Associates will work with its medical practice clients to identify impacted individuals and notify them by mail.

If you believe your personal information may have been compromised in this breach:

• Carefully review any notice or communication you receive from McEwen & Associates, or your medical provider.
• Monitor financial accounts and credit reports for signs of identity theft.
• Consider placing fraud alerts or credit freezes with the major credit bureaus.
• Be cautious of unsolicited emails or phone calls requesting personal information.

For more details about the company’s services and background, visit the McEwen & Associates website.