Interventional Pain Center Data Breach Exposes Sensitive Patient Information
Interventional Pain Center PLLC, a Tennessee-based pain management practice with locations in Hendersonville and Nashville, disclosed a data breach affecting 3,171 individuals in the U.S. The incident, reported to the U.S. Department of Health and Human Services on March 31, 2026, involved unauthorized access to an employee email account between December 1 and December 11, 2025.
The breach was discovered on December 11, 2025, prompting an investigation with cybersecurity experts. By March 6, 2026, the company confirmed that sensitive data was present in the compromised account. A full review, completed by March 17, 2026, revealed that exposed information included:
- Personally identifiable data: Names, Social Security numbers, addresses, ZIP codes, driver’s license numbers, and dates of birth.
- Protected health information: Medical histories, diagnoses, treatment details, prescription records, physician information, and health insurance subscriber numbers.
Interventional Pain Center has since posted a breach notice on its website and established a dedicated helpline (877-507-2651) for affected individuals, available weekdays from 8 a.m. to 5 p.m. Central Time. The incident highlights the risks of email-based breaches in healthcare, where highly sensitive patient data remains a prime target.
Source: https://www.claimdepot.com/data-breach/interventional-pain-center-2026
Interventional Pain Center (IPC) cybersecurity rating report: https://www.rankiteo.com/company/interventional-pain-center
"id": "INT1775746976",
"linkid": "interventional-pain-center",
"type": "Breach",
"date": "12/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '3171',
'industry': 'Healthcare',
'location': 'Hendersonville and Nashville, Tennessee, '
'USA',
'name': 'Interventional Pain Center PLLC',
'type': 'Healthcare Provider'}],
'attack_vector': 'Unauthorized email account access',
'customer_advisories': 'Dedicated helpline (877-507-2651) for affected '
'individuals, available weekdays from 8 a.m. to 5 p.m. '
'Central Time.',
'data_breach': {'number_of_records_exposed': '3171',
'personally_identifiable_information': ['Names',
'Social Security '
'numbers',
'Addresses',
'ZIP codes',
'Driver’s license '
'numbers',
'Dates of birth'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally identifiable '
'information',
'Protected health information']},
'date_detected': '2025-12-11',
'date_publicly_disclosed': '2026-03-31',
'date_resolved': '2026-03-17',
'description': 'Interventional Pain Center PLLC, a Tennessee-based pain '
'management practice, disclosed a data breach affecting 3,171 '
'individuals in the U.S. The incident involved unauthorized '
'access to an employee email account, exposing personally '
'identifiable and protected health information.',
'impact': {'data_compromised': 'Personally identifiable information and '
'protected health information',
'identity_theft_risk': 'High',
'systems_affected': 'Employee email account'},
'investigation_status': 'Completed',
'lessons_learned': 'Highlights the risks of email-based breaches in '
'healthcare, where highly sensitive patient data remains a '
'prime target.',
'post_incident_analysis': {'root_causes': 'Unauthorized access to employee '
'email account'},
'references': [{'source': 'Interventional Pain Center Breach Notice'}],
'regulatory_compliance': {'regulations_violated': ['HIPAA'],
'regulatory_notifications': 'Reported to U.S. '
'Department of Health '
'and Human Services'},
'response': {'communication_strategy': 'Breach notice on website, dedicated '
'helpline (877-507-2651)',
'third_party_assistance': 'Cybersecurity experts'},
'title': 'Interventional Pain Center Data Breach Exposes Sensitive Patient '
'Information',
'type': 'Data Breach'}