Millcreek Pediatrics Data Breach Affects 14,095 Patients

Millcreek Pediatrics, a pediatric medical practice based in Wilmington, Delaware, has reported a significant data breach. According to the notice, this cybersecurity incident may have exposed personally identifiable information (PII) and protected health information (PHI) of at least 14,095 current and former patients across the U.S.

The incident was first detected on Feb. 25, 2025, when Millcreek Pediatrics identified suspicious activity within its systems. An immediate investigation, assisted by cybersecurity experts, revealed that the unauthorized access occurred between Feb. 17 and Feb. 25, 2025. During this period, files containing sensitive information were potentially accessed or acquired by an unauthorized party.

The types of information exposed in the breach include full names, dates of birth, driver’s license and state identification numbers, medical record numbers, patient identification numbers, diagnosis and conditions information, provider information, dates of service, healthcare claims information, and clinical or treatment information.

For a limited number of individuals, Social Security numbers were also involved. The specific data affected varies by individual. This breach is considered severe due to the breadth of sensitive data involved, particularly the combination of PII and PHI, which can increase the risk of identity theft and medical fraud.

On Nov. 21, 2025, Millcreek Pediatrics posted a Notice of Data Security Incident on it's website, disclosed the data breach to the U.S. Department of Health and Human Services and began notifying impacted individuals.

Millcreek Pediatrics' response

Upon discovering the incident, Millcreek Pediatrics immediately contained the breach and launched a thorough forensic investigation. The company worked with leading cybersecurity experts to determine the scope of the incident and identify whose information was involved. Once the review was complete, affected individuals were notified beginning Nov. 21, 2025.

Millcreek Pediatrics has offered complimentary credit monitoring services to those whose Social Security numbers were involved in the breach.

If you believe your personal information may have been compromised in this breach:

• Carefully review any notice or communication you receive from Millcreek Pediatrics or a company that does business with Millcreek Pediatrics.
• Monitor financial accounts and credit reports for signs of identity theft.
• Consider placing fraud alerts or credit freezes with the major credit bureaus.
• Be cautious of unsolicited emails or phone calls requesting personal information.

Millcreek Pediatrics has also established a dedicated response line for impacted individuals at 833-426-5702, Monday through Friday, 8 a.m. to 8 p.m., ET.