Anatomic and Clinical Laboratory Associates P.C.: ACLA Data Breach Exposes Social Security Numbers & Medical Information

Anatomic and Clinical Laboratory Associates P.C.: ACLA Data Breach Exposes Social Security Numbers & Medical Information

ACLA Discloses Data Breach Affecting Thousands, Exposing Sensitive Personal and Health Information

Anatomic and Clinical Laboratory Associates P.C. (ACLA), a Nashville-based physician-owned pathology group, recently disclosed a data breach involving unauthorized access to its computer network. The incident, reported to the Massachusetts Office of Consumer Affairs and Business Regulation on June 23, 2026, affected 69 Massachusetts residents, though the full scope of impacted individuals remains unclear.

ACLA first detected potential unauthorized activity on December 1, 2025, prompting an investigation that revealed an unknown actor had accessed and downloaded files without authorization. A comprehensive review of the affected data concluded on April 27, 2026, nearly five months after discovery.

The breach exposed personally identifiable information (PII) including names, dates of birth, Social Security numbers, and taxpayer identification numbers as well as protected health information (PHI), such as medical histories, diagnoses, treatment details, and patient account numbers.

In response, ACLA began mailing notification letters to affected individuals on June 23, 2026, providing details of the incident and offering complimentary credit monitoring and identity theft protection services through Epiq. The services include credit monitoring, dark web surveillance, identity restoration, and lost wallet assistance, with enrollment available until September 30, 2026. Affected individuals can activate the services using a personalized code from their notification letter.

ACLA has also established a dedicated call center (866-659-7137) for incident-related inquiries, available for 90 days from the date of each individual’s notification letter. Those who did not receive a letter but suspect they may have been affected can verify eligibility by contacting 866-675-2006. The breach underscores the ongoing risks to sensitive healthcare data and the delayed timelines often involved in breach investigations and disclosures.

Source: https://www.claimdepot.com/data-breach/acl-laboratories-2026

Opus Pathology cybersecurity rating report: https://www.rankiteo.com/company/opuspathology

"id": "OPU1782434059",
"linkid": "opuspathology",
"type": "Breach",
"date": "12/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '69 Massachusetts residents '
                                              '(full scope unclear)',
                        'industry': 'Pathology',
                        'location': 'Nashville, Tennessee, USA',
                        'name': 'Anatomic and Clinical Laboratory Associates '
                                'P.C. (ACLA)',
                        'type': 'Healthcare'}],
 'customer_advisories': 'Notification letters with complimentary credit '
                        'monitoring and identity theft protection services; '
                        'dedicated call center for inquiries',
 'data_breach': {'data_exfiltration': 'Yes',
                 'personally_identifiable_information': ['Names',
                                                         'Dates of birth',
                                                         'Social Security '
                                                         'numbers',
                                                         'Taxpayer '
                                                         'identification '
                                                         'numbers',
                                                         'Medical histories',
                                                         'Diagnoses',
                                                         'Treatment details',
                                                         'Patient account '
                                                         'numbers'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personally identifiable '
                                              'information (PII)',
                                              'Protected health information '
                                              '(PHI)']},
 'date_detected': '2025-12-01',
 'date_publicly_disclosed': '2026-06-23',
 'date_resolved': '2026-04-27',
 'description': 'Anatomic and Clinical Laboratory Associates P.C. (ACLA), a '
                'Nashville-based physician-owned pathology group, disclosed a '
                'data breach involving unauthorized access to its computer '
                'network. The breach exposed personally identifiable '
                'information (PII) and protected health information (PHI) of '
                'thousands of individuals.',
 'impact': {'data_compromised': 'Personally identifiable information (PII) and '
                                'protected health information (PHI)',
            'identity_theft_risk': 'High',
            'systems_affected': 'Computer network'},
 'investigation_status': 'Completed',
 'references': [{'source': 'Massachusetts Office of Consumer Affairs and '
                           'Business Regulation'}],
 'regulatory_compliance': {'regulatory_notifications': 'Reported to the '
                                                       'Massachusetts Office '
                                                       'of Consumer Affairs '
                                                       'and Business '
                                                       'Regulation'},
 'response': {'communication_strategy': 'Notification letters mailed to '
                                        'affected individuals, dedicated call '
                                        'center established',
              'third_party_assistance': 'Epiq (credit monitoring and identity '
                                        'theft protection services)'},
 'title': 'ACLA Data Breach Exposing Sensitive Personal and Health Information',
 'type': 'Data Breach'}
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.