Ochsner LSU Health Regional Urology Data Breach Exposes Protected Health Information

On Oct. 10, 2025, Ochsner LSU Health discovered a data security incident involving retired computer systems that had not been in use since 2022. An investigation, supported by external cybersecurity experts, determined that an unauthorized third party gained access to the old systems and, on Oct. 5, 2025, obtained copies of certain files containing patient information.

According to the HHS breach portal disclsoure, the breach affected the protected health information of 4,519 people.

According to company's website disclosure, the exposed information varies by patient but may include a combination of personally identifiable information (PII) and protected health information (PHI): name, Social Security number, date of birth, medical record number, provider name, date(s) of treatment, medical history, imaging or procedure information.

Ochsner LSU Health's response

Patients are encouraged to review any statements they receive from healthcare providers and to report any inaccuracies immediately. The company has established a dedicated, toll-free call center at 844-572-2718, available Monday through Friday from 9 a.m. to 6:30 p.m. Eastern Time, excluding major U.S. holidays, for individuals seeking more information or assistance.

Given the nature of the breach—unauthorized access to legacy systems and the exposure of sensitive PII and PHI—it is important for affected individuals to remain vigilant. Monitoring financial and medical statements for unusual activity and taking advantage of the offered credit monitoring services are recommended steps.