General Physician Data Breach Lawsuit Investigation

Shamis & Gentile P.A., one of the nation's premier class action law firms specializing in data breach cases, is investigating the General Physician, P.C. data breach.
If you were affected by the data breach, your sensitive personally identifiable information may have been exposed, and you may be eligible for compensation.
About General Physician, P.C.
General Physician, P.C. is a multi-specialty medical practice headquartered in Western New York. Established in 2010, the is one of the largest medical groups in the region, offering care across 20 different specialties.
With more than 400 physicians and advanced practice providers, General Physician, P.C. operates over 50 locations in more than 20 towns and villages. General Physician, P.C. employs more than 1,200 people and provides primary care, women’s health, cardiovascular care and more.
What happened?
On June 12, 2024, General Physician, P.C. discovered a data breach that affected patients’ personal and protected health information. The breach occurred between April 6, 2024, and June 12, 2024 when an unauthorized actor gained access to a GPPC email account and had the ability to access certain files containing sensitive data.
The total number of individuals affected by the data breach has not been released. General Physician PC began notifying individuals on June 25, 2025.
The cybersecurity incident was disclosed to the Massachusetts Attorney General's office on June 27th, reporting 59 Massachusetts residents affected. GPPC published a Notice of Data Privacy Event on its website.
Exposed Information
- Social Security number
- Address
- Date of birth
- Diagnosis information
- Full name
- Health insurance information
- Health plan number
- Medical history information
- Medical record number
- Mental and physical treatment information
- Policy number
- Subscriber number
- Treating physician
Your Rights and Next Steps
If you received a notification from General Physician, P.C. about this data breach, you have important rights and options. You may be entitled to seek compensation for any harm or inconvenience caused by this cybersecurity incident.
- Credit monitoring and identity theft restoration services: Sign up for the free IDX credit monitoring and identity restoration services offered by GPPC.
- Monitor your accounts carefully: Check your financial statements regularly for suspicious activity or unauthorized transactions. If you notice anything unusual, contact your financial institution immediately.
- Fraud alert and credit reports: A fraud alert informs creditors to take extra steps to verify your identity before opening new accounts in your name. Consumers are also entitled to one free credit report annually from each credit bureau. You can request a fraud alert or a credit report by contacting any one of the three major credit bureaus.
- Seek legal help: Lawyers are ready to help you understand your rights and pursue compensation.
Lawyers are ready to help individuals affected by the General Physician, P.C. data breach. You may have the right to join a class action lawsuit seeking compensation for any harm suffered as a result of the breach.
You May Be Entitled to Compensation
If you were affected by the General Physician, P.C. data breach, you may be eligible for compensation, which could include reimbursement for out-of-pocket expenses, time spent addressing the breach, or payment for emotional distress. Lawyers are investigating claims on behalf of patients whose personal and medical information was exposed.
Completing the form below is the first step toward joining a lawsuit.