NWMS Data Breach Affects 3,846 Patients in 2025

Northwest Medical Specialties PLLC (NWMS), a physician-owned healthcare practice based in Washington, experienced a data breach. On Aug. 18, 2025, the practice received notification that an unauthorized actor had accessed data stored on its network. An investigation was launched and it was determined that personal patient information was possibly copied by the hacker.

NWMS has not publicly released the specifics of the data compromised in the cybersecurity incident, but is believed to include both personally identifiable information (PII) and protected health information (PHI) of several thousand individuals. Exposed information included names, dates of birth, diagnosis or condition information, lab results, medications, or other treatment information. The practice published a Data Privacy Notice on its website.

The data breach was disclosed to the U.S. Department of Health and Human Services and the Washington Attorney General's office on Aug. 28, 2025, reporting 3,846 patients involved. Northwest Medical Specialties PLLC began notifying affected individuals by mail on Sept. 3, 2025.

Northwest Medical Specialties PLLC's response

In addition to required state and federal disclosures, the practice is offering 12 free months of TransUnion Cyberscout single-bureau credit monitoring and identity protection services to everyone affected by the data breach.

If you receive notification from Northwest Medical Specialties PLLC about this breach, you may want to:

• Sign up for the free credit monitoring services, provided by the practice.
• Monitor your credit reports and financial accounts for any unusual activity.
• Be alert for phishing emails or phone calls that may use your exposed information.
• Consider placing a fraud alert or credit freeze with major credit bureaus.

For more information about the medical group, visit the Northwest Medical Specialties website.