Twin Cities Pain Clinic Data Breach Affects One in MA

Twin Cities Pain Clinic, a pain management medical group in Minnesota, experienced a major data breach. On July 9, 2025 the organization discovered suspicious activity involving a business email compromise (BEC) in an employee’s email account. An investigation revealed that a cybercriminal had accessed files stored in the clinic’s SharePoint environment.

A review took place and on Aug. 19, 2025, it was determined that the cybersecurity incident compromised both personally identifiable information (PII) and protected health information (PHI). Exposed information included patient names, dates of birth, Social Security numbers, contact information, financial account information, health insurance details, medical record numbers, treatment notes, and provider information.

Twin Cities Pain Clinic began notifying affected individuals by mail on Sept. 4, 2025. The data breach was also disclosed to the Massachusetts Attorney General's office on Sept. 4, 2025. The total number of patients involved in the breach has not been released, but is believed to be in the thousands.

Twin Cities Pain Clinic’s response

In addition to required state and federal disclosures, Twin Cities Pain Clinic is offering affected patients 24 free months of TransUnion Cyberscout single-bureau credit monitoring services. The clinic has also set up a dedicated call center for questions at 833-426-9480, 8:00 a.m. to 8:00 p.m. Eastern time, Monday through Friday.

If you receive notification from Twin Cities Pain Clinic about this breach, you may want to:

• Sign up for the free credit monitoring services, offered by the clinic.
• Monitor your credit reports and financial accounts for any unusual activity.
• Be alert for phishing emails or phone calls that may use your exposed information.
• Consider placing a fraud alert or credit freeze with major credit bureaus.

For more information about the medical clinic, visit the Twin Cities Pain Clinic website.