NS Pharma Data Breach Affects 92,845 Patients

On Nov. 21, 2025, NS Support, LLC, a patient support program operated by NS Pharma, Inc., reported a significant data breach to the U.S. Department of Health and Human Services. So far, the cybersecurity incident has impacted at least 92,845 individuals across the U.S.

According to the official disclosure, the exposed information included first and last names and medical information in the form of notes transcribed by a physician during appointments. This means both personally identifiable information (PII) and protected health information (PHI) were compromised.

The breach was also reported to the Idaho Attorney General on Dec. 3, 2025. The Idaho Attorney General’s notice confirms the scale and nature of the incident. While the specific method of the breach has not been detailed in public disclosures, the sensitivity of the information involved, particularly physician appointment notes, suggests a serious compromise of patient privacy.

Further details about the breach, such as how the data was accessed or by whom, have not been released. Investigations are ongoing, and affected individuals are being notified as required by law.

NS Support's response

In response to the breach, NS Support has complied with federal and state notification requirements, informing both regulators and affected individuals. While the company has not publicly outlined additional steps taken, it is standard practice for organizations in the healthcare sector to review and strengthen their security protocols after such incidents. Affected individuals are encouraged to:

• Carefully review any correspondence from NS Support regarding the breach
• Monitor their medical records and insurance statements for unusual activity
• Be cautious of unsolicited communications referencing their medical care or appointment details
• Consider placing a fraud alert or credit freeze with major credit bureaus if concerned about identity theft

Since the breach involved sensitive medical information, it is important for affected individuals to remain vigilant for potential phishing attempts or scams that reference their healthcare provider or specific treatments.