Thomas Davies, DPM Data Breach Affects 14,581 Patients

On Sept. 29, 2025, Dr. Thomas Davies, DPM & Dr. Daniel Davies, DPM, a large podiatry practice in New York, disclosed a major data breach. The cybersecurity incident compromised both personally identifiable information (PII) and protected health information (PHI) of at least 14,581 individuals.

While the specific method of the breach and the responsible party have not been made public, the incident was severe enough to require notification under federal health privacy regulations. Exposed information may have included names, contact information, dates of birth, Social Security numbers, driver's license or state ID numbers, medical records, health insurance information and payment card information.

The data breach was reported to the U.S. Department of Health and Human Services on Sept. 29, 2025. The combination of personal and protected data exposure puts current and former patients at risk of identity theft and medical fraud.

Thomas Davies, DPM's response

Specific details about the practice’s internal investigation or remediation efforts have not been disclosed, it is standard practice for healthcare providers to engage with cybersecurity experts to review security protocols and notify law enforcement. In addition to required state and federal disclosures, the podiatry practice will notify impacted individuals by mail.

If you believe your personal information may have been compromised in this breach:

• Carefully review any notice or communication you receive from Dr. Thomas Davies, DPM & Dr. Daniel Davies, DPM.
• Monitor financial accounts and credit reports for signs of identity theft.
• Consider placing fraud alerts or credit freezes with the major credit bureaus.
• Be cautious of unsolicited emails or phone calls requesting personal information.