Onsite Mammography Data Breach Affects PHI of 357,265 Americans: SSNs Exposed

In mid-April 2025, ONsite Mammography identified a data breach that impacted the personal and medical information of hundreds of thousands of individuals across the United States. The incident was discovered on April 15, 2025, and ONsite Mammography promptly began notifying both affected individuals and regulatory authorities.

According to official disclosures, the breach affected a total of 357,265 people nationwide. The compromised information includes a combination of personally identifiable information (PII) and protected health information (PHI): social security numbers, medical records, and other sensitive data.

State-level reporting reveals the following breakdown of affected individuals: 31,663 in Texas, 32 in Maine, 89 in Massachusetts, 6,925 in South Carolina, and 39 in New Hampshire.

While the company has not publicly detailed the exact method of the breach or identified the responsible party, the scale and nature of the exposed data indicate a severe incident. The inclusion of both social security numbers and medical records means that affected individuals could be at risk for a range of fraudulent activities.

Onsite Mammography's response

After discovering the breach on April 15, 2025, ONsite Mammography moved quickly to notify affected individuals and regulatory agencies. Notifications to state attorneys general and federal regulators were submitted between April 21 and April 22, 2025, and the company began contacting affected consumers primarily via U.S. Mail. In Texas, a statewide media broadcast was also employed to reach impacted residents.

ONsite Mammography has published a press release with further details about the incident and steps for consumers to take. At this time, the company recommends that affected individuals remain vigilant by monitoring their credit reports, reviewing account statements, and watching for any suspicious activity related to their identity or medical records.

Given the exposure of both PII and PHI, it is important for those affected to:

• Check for signs of identity theft or medical fraud.
• Consider placing a fraud alert or credit freeze with the major credit bureaus.
• Review medical insurance statements for unauthorized activity.
• Take advantage of any credit monitoring or identity protection services that may be offered by ONsite Mammography.

If you have received a notification letter, follow the instructions provided and keep all correspondence for your records.

ONsite Mammography notified the Maine Attorney General, Texas Attorney General, Massachusetts Attorney General, South Carolina Attorney General, New Hampshire Attorney General, and the U.S. Department of Health and Human Services in accordance with state and federal law. The company also disclosed the breach to the Vermont Attorney General.