Partners in Pediatrics, a pediatric healthcare practice in Denver and Englewood, Colorado, suffered a data breach in March 2025 when an unauthorized actor accessed its internal email network. The breach exposed sensitive patient and family data, including personally identifiable information (PII) and protected health information (PHI) such as names, contact details, Social Security numbers, driver’s license information, health insurance records, medical histories, and payment data. The incident was discovered on March 5, 2025, with investigations concluding by September 23, 2025. Affected individuals were notified in October 2025, though the exact number of victims remains undisclosed. The breach was reported to the Vermont Attorney General’s office on October 6, 2025. Partners in Pediatrics responded by engaging cybersecurity experts, securing systems, and setting up a dedicated assistance line for impacted individuals. The exposure of such highly sensitive data poses significant risks of identity theft, financial fraud, and misuse of medical records.
Source: https://www.claimdepot.com/data-breach/partners-in-pediatrics-2025
TPRM report: https://www.rankiteo.com/company/partners-in-pediatrics-denver
"id": "par5492454100625",
"linkid": "partners-in-pediatrics-denver",
"type": "Breach",
"date": "3/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Patients and their families '
'(exact number undisclosed)',
'industry': 'Healthcare',
'location': ['Denver, Colorado', 'Englewood, Colorado'],
'name': 'Partners in Pediatrics',
'type': 'Pediatric Healthcare Practice'}],
'attack_vector': 'Email Compromise',
'customer_advisories': ['Review notices from Partners in Pediatrics.',
'Monitor for identity theft.',
'Avoid sharing personal information in response to '
'unsolicited requests.'],
'data_breach': {'data_exfiltration': True,
'file_types_exposed': ['Emails',
'Attachments (likely containing '
'documents with sensitive data)'],
'personally_identifiable_information': True,
'sensitivity_of_data': 'High (includes SSNs, medical records, '
'and payment info)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)']},
'date_detected': '2025-03-05',
'date_publicly_disclosed': '2025-10-06',
'date_resolved': '2025-09-23',
'description': 'Partners in Pediatrics, a pediatric healthcare practice based '
'in Denver and Englewood, Colorado, experienced a data breach '
'where an unauthorized actor accessed and acquired emails '
'containing sensitive information, including PII and PHI. The '
'breach was discovered on March 5, 2025, and impacted '
'individuals were notified in October 2025. The exposed data '
'may include names, contact details, Social Security numbers, '
'medical records, and payment information.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'exposure of sensitive patient data',
'data_compromised': ['Personally Identifiable Information (PII)',
'Protected Health Information (PHI)',
'Names',
'Contact Information',
'Dates of Birth',
'Social Security Numbers',
"Driver's License Information",
'Health Insurance Details',
'Medical Records',
'Payment Information'],
'identity_theft_risk': "High (due to exposure of SSNs, driver's "
'license info, and financial details)',
'legal_liabilities': "Disclosure to Vermont Attorney General's "
'office; potential regulatory scrutiny under '
'HIPAA or state laws',
'payment_information_risk': 'High (payment information exposed)',
'systems_affected': ['Internal Email Network']},
'initial_access_broker': {'entry_point': 'Internal email network',
'high_value_targets': ['Patient PII/PHI',
'Payment information']},
'investigation_status': 'Completed (as of 2025-09-23)',
'post_incident_analysis': {'corrective_actions': ['Engaged cybersecurity '
'experts',
'Secured email systems']},
'ransomware': {'data_exfiltration': True},
'recommendations': ['Monitor financial accounts and credit reports for signs '
'of identity theft.',
'Consider placing fraud alerts or credit freezes with '
'major credit bureaus.',
'Be cautious of unsolicited emails or phone calls '
'requesting personal information.'],
'references': [{'source': 'Partners in Pediatrics Breach Notice'},
{'date_accessed': '2025-10-06',
'source': "Vermont Attorney General's Office Disclosure"}],
'regulatory_compliance': {'regulations_violated': ['Potential HIPAA '
'violations',
'State data breach '
'notification laws'],
'regulatory_notifications': ['Vermont Attorney '
"General's office "
'(notified on '
'2025-10-06)']},
'response': {'communication_strategy': ['Mail notifications to impacted '
'individuals (October 2025)',
'Establishment of an assistance line '
'(855-291-2707, Mon-Fri 6:00 am – '
'6:00 pm MT)',
'Public disclosure to Vermont '
"Attorney General's office (October "
'6, 2025)'],
'containment_measures': ['Securing email systems',
'Engaging cybersecurity experts'],
'incident_response_plan_activated': True,
'third_party_assistance': 'Cybersecurity experts engaged for '
'investigation and remediation'},
'stakeholder_advisories': 'Assistance line established for impacted '
'individuals (855-291-2707).',
'threat_actor': 'Unauthorized Actor',
'title': 'Partners in Pediatrics Data Breach',
'type': 'Data Breach'}