The Plastic Surgery Center Data Breach Exposes PHI & PII

On November 4, 2024, The Plastic Surgery Center’s contracted billing company detected suspicious activity on its network, leading to the discovery of a data breach that potentially exposed both personally identifiable and protected health information. An unknown actor gained unauthorized access to certain systems on that date, and during this intrusion, files containing sensitive information were accessed and/or exfiltrated.

The Plastic Surgery Center and its billing partner launched an in-depth investigation to determine the full scope of the incident and to identify which individuals were affected. This review process was completed on April 4, 2025.

The breach exposed a range of personal information like names, dates of birth, driver’s license and/or passport numbers, Social Security numbers, taxpayer IDs, financial account and payment card information, biometric data, and health insurance information.

While the company has not found evidence of actual or attempted misuse of the compromised information, the exposure of personally identifiable information (PII) raises the risk of identity theft and fraud for those affected.

The exact number of impacted individuals has not been disclosed, but the breach notification was filed with the Vermont Attorney General’s office and the Massachusetts Attorney General's office. They include guidance for residents in several states, indicating a broad geographic impact.

The Plastic Surgery Center’s response

For those potentially affected, The Plastic Surgery Center is offering complimentary credit monitoring and identity restoration assistance through IDX for a period of 12 or 24 months (as specified in the individual notice). Impacted individuals must enroll by July 18, 2025, to take advantage of these services. Instructions for enrollment, including an enrollment code and a dedicated support phone line, are provided in the notice.

The company recommends that all affected individuals remain vigilant by monitoring their financial accounts, reviewing credit reports, and considering placing fraud alerts or credit freezes with the major credit bureaus. Additional guidance and contact information for consumer protection agencies are included in the notification.

If you have received a notice or believe you may be affected, it is important to:

• Enroll in the free credit monitoring and identity theft protection services offered.
• Regularly review your bank, credit card, and other financial statements for unauthorized activity.
• Obtain and review your free annual credit reports from Equifax, Experian, and TransUnion.
• Consider placing a fraud alert or credit freeze on your credit files for added protection.
• Contact IDX or The Plastic Surgery Center’s support team if you have questions or need assistance.

More information on the breach can be found at The Plastic Surgery Center's dedicated Notice of a Data Security Event website.