Data Incident Notice | Michael R. Schwartz

Notice of Data Security Incident

On October 23, 2025, Michael R. Schwartz, M.D., Inc. (“the Practice”) mailed notification letters to certain individuals whose information may have been involved in a recent data security incident.

On or about August 25, 2025, the Practice became aware that an unauthorized party gained remote access to one computer within the office network that contained certain personal and health information of some patients. Upon discovering the incident, the Practice promptly secured its systems, launched an investigation, notified law enforcement, and engaged leading cybersecurity experts to assist. The investigation determined that the unauthorized party was able to access some data between January 20, 2025, and August 26, 2025.

The review of the affected files determined that the information involved may have included names, Social Security numbers (if provided), addresses, emails, phone numbers, photographs, and medical record numbers. No payment card or bank account information was involved in this incident.

The Practice takes this matter very seriously. Upon learning of the incident, the Practice took immediate steps to strengthen its systems and safeguards and will continue to implement enhanced security measures. The Practice also notified the U.S. Department of Health and Human Services Office for Civil Rights and relevant state regulators, as required by law.

The Practice has no evidence that any patient information has been misused as a result of this incident. However, in an abundance of caution, the Practice is offering free identity monitoring services to affected individuals.

Individuals seeking more information can contact the dedicated incident response line at 1-833-918-8973 available Monday through Friday, 6:00 a.m. to 6:00 pm Pacific Time or visit https://www.drschwartz.com/ for additional resources.

The Practice sincerely regrets any concern or inconvenience this incident may cause and remains fully committed to protecting the privacy and security of the information in its care.

Frequently Asked Questions (FAQs)

What happened?

What information was involved?

How do I know if my information was involved?

Has my information been misused?

What is being done to prevent this from happening again?

How can individuals protect themselves?

What support is being offered?

Who can I contact for more information?

What happened?

On or about August 25, 2025, the Practice became aware that an unauthorized party gained remote access to one computer within the office network that contained certain personal and health information for some patients. Upon discovering the incident, the Practice secured its systems, launched an investigation, notified law enforcement, and engaged leading cybersecurity experts to assist.

What information was involved?

The information involved may have included a patient’s name, Social Security number (if provided), address, email, phone number, photographs, and medical record number. No payment card or bank account information was involved.

How do I know if my information was involved?

Individuals whose information may have been involved are being notified by mail. If you did not receive a letter but believe your information could have been involved, please contact the dedicated incident response line at 1-833-918-8973. Representatives are available Monday through Friday 6:00 a.m. to 6:00 pm Pacific Time, to provide additional information.

Has my information been misused?

At this time, there is no evidence that any patient information has been misused.

What is being done to prevent this from happening again?

The Practice worked with cybersecurity experts to strengthen its existing safeguards and enhance system security. The Practice has replaced computers and servers, enhanced network protections, and implemented additional staff training.

How can individuals protect themselves?

Even though there is no evidence that information has been misused, individuals are encouraged to remain vigilant by monitoring their medical records and Explanation of Benefits (EOB) statements for any unusual activity, placing a fraud alert or credit freeze on their financial accounts, and visiting identitytheft.gov for information on protecting against identity theft.

What support is being offered?

Affected individuals are being offered complimentary credit monitoring and identity protection services through Experian IdentityWorksSM for 12 months. Enrollment information is included in the mailed notice and available through the call center to affected individuals.

Who can I contact for more information?

For additional questions, individuals can contact the dedicated incident response line at 1-833-918-8973, available Monday through Friday, 6:00 a.m. to 6:00 pm Pacific Time, or visit https://www.drschwartz.com/.