Tulane University Medical Group Data Breach Exposes PHI and PII of 6.5k

Tulane University Medical Group recently notified patients about a data breach that may have exposed personal and medical information. The breach, which occurred in November 2025, affected a total of 6,556 people in the United States, according to a disclosure filed with the U.S. Department of Health and Human Service.

The medical group discovered on Nov. 18, 2025, that the breach may have involved protected health information.

How the breach happened

On Nov. 10, 2025, an unauthorized party gained access to certain Tulane University Medical Group email accounts through a phishing cyberattack. A phishing attack typically involves a deceptive email or message designed to trick someone into revealing login credentials or other sensitive information.

After discovering the unauthorized access, TUMG took steps to investigate the incident. Those steps included conducting a forensic analysis of the affected email accounts and removing the unauthorized party's access.

On Nov. 18, 2025, TUMG determined the breach may have involved protected health information. That same day, the ransomware group known as Cl0P claimed responsibility for an attack on Tulane University in a posting on the Tor network.

The breach exposed sensitive personal information such as first, middle or last names, dates of birth and contact details. It also involved clinical information such as diagnosis or treatment records, prescription information, medical record numbers, health insurance numbers and dates of service or evaluation.

In a few cases, driver's license numbers or full or partial Social Security numbers were also part of the compromised data.

How Tulane University Medical Group responded

In response to the breach, TUMG said it has implemented additional security safeguards. These include conducting additional security awareness training for workforce members, according to the company's notification.

For individuals whose Social Security numbers were involved, TUMG is offering free credit monitoring services. Those services include features such as a fraud alert, security freeze and free credit report.

Individuals who suspect they were affected by this incident can contact TUMG's dedicated call center toll-free at 855-815-3936. The call center is available Monday through Friday between 8 a.m. and 8 p.m. Central Time.

Callers can ask questions, raise concerns or get information about how to obtain free credit monitoring if they are eligible.

Steps to take if your information was exposed

For those whose Social Security numbers were involved:

• Place a credit freeze with all three major credit bureaus. A credit freeze prevents new accounts from being opened in a person's name. Contact each bureau directly: Equifax, Experian, and TransUnion.
• Place a fraud alert with one of the three bureaus. A fraud alert tells creditors to take extra steps to verify identity before opening new accounts.
• Request and review a free credit report from each bureau. Individuals can get free reports at AnnualCreditReport.com.
• Consider applying for an IRS Identity Protection PIN. This is a six-digit number that helps prevent someone else from filing a tax return using a stolen Social Security number. It can be requested through the IRS website.

For those whose health information was involved:

• Review Explanation of Benefits (EOB) statements from health insurance providers carefully. Look for any medical services, prescriptions or claims that do not seem familiar.
• Contact the health insurance company if any suspicious activity appears on an EOB statement. Report any claims for services that were never received.
• Request a copy of medical records from healthcare providers and review them for accuracy. Incorrect information in a medical record could affect future care.

For those whose driver's license numbers were involved:

• Contact the state department of motor vehicles to ask about additional protections or monitoring options.
• Watch for any unexpected correspondence related to driving records or identification documents.

General precautions for all affected individuals:

• Monitor bank and credit card statements regularly for any unauthorized transactions.
• Be cautious of phishing attempts that may reference this breach by name. Scammers sometimes use news of a real data breach to send convincing phishing emails or make fraudulent phone calls.
• Do not click on links or provide personal information in response to unsolicited emails, texts or calls claiming to be related to this incident.
• Review personal accounts for any suspicious activity on a regular basis.