Millcreek Pediatrics Reports Major Data Breach Affecting 14,095 Patients
Millcreek Pediatrics, a Wilmington, Delaware-based pediatric practice, disclosed a significant data breach that may have exposed the personally identifiable information (PII) and protected health information (PHI) of 14,095 current and former patients nationwide.
The breach was first detected on February 25, 2025, after suspicious activity was identified within the practice’s systems. A subsequent investigation, supported by cybersecurity experts, determined that unauthorized access occurred between February 17 and February 25, 2025, during which sensitive files were potentially accessed or exfiltrated.
The compromised data includes full names, dates of birth, driver’s license and state ID numbers, medical record numbers, diagnosis details, treatment information, and healthcare claims data. For some individuals, Social Security numbers were also exposed, heightening the risk of identity theft and medical fraud.
Millcreek Pediatrics publicly acknowledged the incident on November 21, 2025, posting a Notice of Data Security Incident on its website and reporting the breach to the U.S. Department of Health and Human Services. Affected individuals began receiving notifications on the same date.
In response, the practice contained the breach, conducted a forensic investigation, and engaged cybersecurity experts to assess the scope of the incident. Those whose Social Security numbers were compromised were offered complimentary credit monitoring services. A dedicated response line (833-426-5702) was also established for impacted individuals.
Source: https://www.claimdepot.com/data-breach/millcreek-pediatrics-2025
Millcreek Of Pontotoc Treatment Center cybersecurity rating report: https://www.rankiteo.com/company/millcreek-of-pontotoc
"id": "MIL1765310490",
"linkid": "millcreek-of-pontotoc",
"type": "Breach",
"date": "2/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '14095',
'industry': 'Healthcare',
'location': 'Wilmington, Delaware, USA',
'name': 'Millcreek Pediatrics',
'type': 'Pediatric Medical Practice'}],
'customer_advisories': 'Complimentary credit monitoring services offered to '
'those whose Social Security numbers were involved',
'data_breach': {'data_exfiltration': 'Potentially accessed or acquired',
'number_of_records_exposed': '14095',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Full names',
'Dates of birth',
'Driver’s license and state '
'identification numbers',
'Medical record numbers',
'Patient identification numbers',
'Diagnosis and conditions '
'information',
'Provider information',
'Dates of service',
'Healthcare claims information',
'Clinical or treatment '
'information',
'Social Security numbers (for a '
'limited number of '
'individuals)']},
'date_detected': '2025-02-25',
'date_publicly_disclosed': '2025-11-21',
'description': 'Millcreek Pediatrics reported a significant data breach that '
'may have exposed personally identifiable information (PII) '
'and protected health information (PHI) of at least 14,095 '
'current and former patients across the U.S.',
'impact': {'data_compromised': 'Personally identifiable information (PII) and '
'protected health information (PHI)',
'identity_theft_risk': 'High'},
'investigation_status': 'Completed',
'recommendations': ['Carefully review any notice or communication received '
'from Millcreek Pediatrics or associated companies',
'Monitor financial accounts and credit reports for signs '
'of identity theft',
'Consider placing fraud alerts or credit freezes with the '
'major credit bureaus',
'Be cautious of unsolicited emails or phone calls '
'requesting personal information'],
'references': [{'source': 'Millcreek Pediatrics Notice of Data Security '
'Incident'}],
'regulatory_compliance': {'regulations_violated': ['HIPAA'],
'regulatory_notifications': ['U.S. Department of '
'Health and Human '
'Services']},
'response': {'communication_strategy': 'Notice of Data Security Incident '
'posted on website, notifications to '
'affected individuals, dedicated '
'response line established',
'containment_measures': 'Immediate containment of the breach',
'incident_response_plan_activated': 'Yes',
'remediation_measures': 'Forensic investigation and notification '
'of affected individuals',
'third_party_assistance': 'Cybersecurity experts'},
'title': 'Millcreek Pediatrics Data Breach',
'type': 'Data Breach'}