Nura PLLC Data Breach Exposes Personal Information of Over 5,000 Patients
Shamis & Gentile P.A., a class action law firm specializing in data breach cases, is investigating a cybersecurity incident involving Nura PLLC, a Minnesota-based medical practice focused on chronic pain management. The breach, reported to the U.S. Department of Health and Human Services (HHS) on November 21, 2025, impacted 5,207 individuals across the U.S.
Founded in 1995 by Dr. David Schultz, Nura operates in the Minneapolis area and became a subsidiary of Capitol Pain Institute (a Texas-based practice) following a 2023 merger. While the exact types of compromised data remain undisclosed, affected individuals may have had sensitive personally identifiable information (PII) exposed.
Under state and federal law, breach victims are entitled to clear notifications about the exposed data, free credit monitoring or identity theft protection (if offered), and potential compensation for financial losses or time spent mitigating the incident. Legal options, including class action lawsuits, are being explored to hold Nura accountable.
No further details on the breach’s cause or the specific data involved have been released. Affected individuals are advised to monitor for official notifications from Nura.
Source: https://www.claimdepot.com/investigations/nura-data-breach-2026
Nura Pain Clinics cybersecurity rating report: https://www.rankiteo.com/company/nura-pain-clinics
"id": "NUR1768260004",
"linkid": "nura-pain-clinics",
"type": "Breach",
"date": "11/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '5207',
'industry': 'Healthcare',
'location': 'Minnesota, USA',
'name': 'Nura PLLC',
'type': 'Medical Practice'}],
'customer_advisories': 'Affected individuals notified of their rights and '
'potential compensation.',
'data_breach': {'number_of_records_exposed': '5207',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Personally identifiable '
'information'},
'date_publicly_disclosed': '2025-11-21',
'description': 'Nura PLLC reported a data breach affecting 5,207 individuals. '
'The breach exposed sensitive personally identifiable '
'information, though specific types of compromised data have '
'not been disclosed.',
'impact': {'data_compromised': 'Sensitive personally identifiable information',
'identity_theft_risk': 'High'},
'investigation_status': 'Ongoing',
'recommendations': 'Affected individuals should remain vigilant, monitor for '
'suspicious activity, and consider legal action if '
'necessary.',
'references': [{'source': 'Shamis & Gentile P.A.'}],
'regulatory_compliance': {'regulatory_notifications': 'Reported to U.S. '
'Department of Health '
'and Human Services'},
'response': {'communication_strategy': 'Notification to affected individuals'},
'title': 'Nura PLLC Data Breach',
'type': 'Data Breach'}