Home
>
Data Breach>Twin Cities Pain Clinic

Twin Cities Pain Clinic Data Breach Exposes Social Security Numbers

Published
September 5, 2025
Updated
September 25, 2025
Twin Cities Pain Clinic Data Breach Exposes Social Security Numbers
Twin Cities Pain Clinic
Types of INFORMATION affected
  • Names
    Names
  • Social security numbers
    Social Security Numbers
  • Dates of birth
    Dates of Birth
  • Addresses
    Addresses
  • Government IDs
    Government IDs
  • Medical Information
    Medical Info
  • Financial Info
    Financial Info

Affected by the

Twin Cities Pain Clinic

data breach?

Join the Lawsuit

It's free to join. 

Twin Cities Pain Clinic, a pain management medical group in Minnesota, experienced a major data breach. On July 9, 2025 the organization discovered suspicious activity involving a business email compromise (BEC) in an employee’s email account. An investigation revealed that a cybercriminal had accessed files stored in the clinic’s SharePoint environment.

A review took place and on Aug. 19, 2025, it was determined that the cybersecurity incident compromised both personally identifiable information (PII) and protected health information (PHI). Exposed information included patient names, dates of birth, Social Security numbers, contact information, financial account information, health insurance details, medical record numbers, treatment notes, and provider information.

Twin Cities Pain Clinic began notifying affected individuals by mail on Sept. 4, 2025. The data breach was also disclosed to the Massachusetts Attorney General's office on Sept. 4, 2025.

The data breach was also disclosed to the U.S. Department of Health and Human Services on Sept. 4, 2025, reported as a hacking incident impacting at least 3,572 patients.

Twin Cities Pain Clinic’s response

In addition to required state and federal disclosures, Twin Cities Pain Clinic is offering affected patients 24 free months of TransUnion Cyberscout single-bureau credit monitoring services. The clinic has also set up a dedicated call center for questions at 833-426-9480, 8:00 a.m. to 8:00 p.m. Eastern time, Monday through Friday.

If you receive notification from Twin Cities Pain Clinic about this breach, you may want to:

  • Sign up for the free credit monitoring services, offered by the clinic.
  • Monitor your credit reports and financial accounts for any unusual activity.
  • Be alert for phishing emails or phone calls that may use your exposed information.
  • Consider placing a fraud alert or credit freeze with major credit bureaus.

For more information about the medical clinic, visit the Twin Cities Pain Clinic website.

Notice Letter

This browser does not support inline PDFs. Please download the PDF to view it: Download PDF

Sources

Disclosures

Breach Summary

Affected Entity
Twin Cities Pain Clinic
Consumers Notification date
Date of Breach
Breach Discovered Date
Total People Affected
3572
Information Types Exposed
  • Financial Account
  • Medical Records
  • social security numbers

Data Breach Settlements

City of Hope $8.5M Data Breach Class Action Settlement
Fortive Corp. $3M Data Breach Class Action Settlement
University of Minnesota $5M Data Breach Settlement
Heritage Provider Network $49.99M Class Action Settlement
Kerber Eck & Braeckel LLP $1.4M Data Breach Settlement
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image

What to Read Next

River City Eye Care Data Breach Affects PII and PHI
October 20, 2025
River City Eye Care Data Breach Affects PII and PHI
R3 Government Solutions Data Breach Affects U.S. Employees
October 20, 2025
R3 Government Solutions Data Breach Affects U.S. Employees
PeopleGuru Data Breach Exposes Social Security Numbers & Medical Information
October 16, 2025
PeopleGuru Data Breach Exposes Social Security Numbers & Medical Information
Watsonville Hospital Data Breach Affects Entire Patient Database
October 16, 2025
Watsonville Hospital Data Breach Affects Entire Patient Database