Broad River Physicians Group, LLC

Broad River Physicians Group, a South Carolina-based healthcare organization specializing in emergency medicine, suffered a data breach discovered on May 22, 2025. An unauthorized actor accessed its IT systems between May 22–23, 2025, compromising files containing personally identifiable information (PII) and protected health information (PHI). The exposed data included names, dates of birth, addresses, diagnosis/treatment details, provider names, service dates, and health insurance information. The breach was confirmed after a review concluded on September 11, 2025, with notifications sent to affected individuals (estimated in the thousands) starting September 18, 2025. The exposure of PII + PHI heightens risks of identity theft, insurance fraud, and financial exploitation. While the exact number of victims remains undisclosed, the incident underscores vulnerabilities in healthcare cybersecurity, particularly in safeguarding sensitive patient records. Broad River initiated an internal investigation, secured its systems, and complied with regulatory disclosure requirements, advising impacted individuals on protective measures against potential misuse of their data.

Source: https://www.claimdepot.com/data-breach/broad-river-physicians-group-2025

TPRM report: https://www.rankiteo.com/company/broad-river-rehab

"id": "bro5092450092325",
"linkid": "broad-river-rehab",
"type": "Breach",
"date": "5/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"

{'affected_entities': [{'customers_affected': 'Thousands (exact number '
                                              'undisclosed)',
                        'industry': 'Healthcare (Emergency Medicine)',
                        'location': 'South Carolina, USA',
                        'name': 'Broad River Physicians Group, LLC',
                        'type': 'Healthcare Provider'}],
 'customer_advisories': 'Affected individuals notified via mail with '
                        'protective steps (2025-09-18)',
 'data_breach': {'data_exfiltration': 'Yes (files containing PII/PHI were '
                                      'accessed)',
                 'number_of_records_exposed': 'Thousands (exact number '
                                              'undisclosed)',
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High (PII and PHI)',
                 'type_of_data_compromised': ['Names',
                                              'Dates of birth',
                                              'Addresses',
                                              'Diagnosis information',
                                              'Provider names',
                                              'Dates of service',
                                              'Treatment information',
                                              'Health insurance information']},
 'date_detected': '2025-05-22',
 'date_publicly_disclosed': '2025-09-11',
 'description': 'Broad River Physicians Group, LLC, a healthcare organization '
                'specializing in emergency medicine in South Carolina, '
                'experienced a data breach where an unauthorized actor '
                'accessed IT systems. The breach exposed personally '
                'identifiable information (PII) and protected health '
                'information (PHI), including names, dates of birth, '
                'addresses, diagnosis information, provider names, dates of '
                'service, treatment information, and health insurance '
                'information. The incident raises risks of identity theft and '
                'insurance fraud.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
                                       'exposure of sensitive health and '
                                       'personal data',
            'data_compromised': ['Personally Identifiable Information (PII)',
                                 'Protected Health Information (PHI)'],
            'identity_theft_risk': 'High (due to exposure of PII and PHI)',
            'systems_affected': ['IT systems']},
 'initial_access_broker': {'high_value_targets': ['PII', 'PHI']},
 'investigation_status': 'Internal investigation completed; breach details '
                         'disclosed (as of 2025-09-11)',
 'post_incident_analysis': {'corrective_actions': ['Secured IT systems',
                                                   'Notified affected '
                                                   'individuals']},
 'recommendations': ['Monitor for signs of identity theft or insurance fraud',
                     'Follow guidance provided in breach notification letters'],
 'references': [{'source': 'Broad River Physicians Group Breach Notification '
                           '(2025)'}],
 'regulatory_compliance': {'regulatory_notifications': 'Notifications sent to '
                                                       'affected individuals '
                                                       'in accordance with '
                                                       'regulatory '
                                                       'requirements'},
 'response': {'communication_strategy': ['Notification to affected individuals '
                                         'via mail (initiated 2025-09-18)',
                                         'Provided guidance on protective '
                                         'steps against misuse of exposed '
                                         'data'],
              'containment_measures': ['Secured IT systems'],
              'incident_response_plan_activated': True},
 'threat_actor': 'Unauthorized actor',
 'title': 'Broad River Physicians Group Data Breach (2025)',
 'type': 'Data Breach'}