Shamis & Gentile P.A., one of the nation's premier class action law firms specializing in data breach cases, is investigating the Physicians to Children & Adolescents data breach.
If you were affected by the data breach, your sensitive personally identifiable information may have been exposed, and you may be eligible for compensation.
About Physicians to Children & Adolescents
Physicians to Children & Adolescents is a health care provider focused on pediatric care, operating in the Bardstown area. With over 35 years in business, the organization has established itself as a local resource for families seeking medical care for children. The company offers extended office hours by appointment, a nurse on call 24 hours, and serves patients from two locations.
The organization employs a team of 10 providers and is known for being the first pediatric practice in Bardstown. Services include routine checkups, immunizations, and resources for parents such as child health topics and product recalls.
What happened?
In October 2025, Physicians to Children & Adolescents reported a significant data breach to the U.S. Department of Health and Human Services. The incident was caused by a ransomware attack carried out by a group known as Cactus. The breach was disclosed on Oct. 24, 2025, and affected a total of 9,536 current and former patients in the United States.
The attackers claimed to have obtained approximately 902 GB of sensitive data. This included a wide range of information
Source: https://www.claimdepot.com/investigations/pediatric-associates-data-breach-2025
Virginia Pediatric Group Ltd. cybersecurity rating report: https://www.rankiteo.com/company/virginia-pediatric-group-ltd-
"id": "VIR1765233294",
"linkid": "virginia-pediatric-group-ltd-",
"type": "Ransomware",
"date": "10/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '9,536',
'industry': 'Healthcare',
'location': 'Bardstown, United States',
'name': 'Physicians to Children & '
'Adolescents',
'size': '10 providers',
'type': 'Healthcare Provider'}],
'data_breach': {'data_encryption': None,
'data_exfiltration': 'Yes',
'file_types_exposed': None,
'number_of_records_exposed': '9,536',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Personally '
'Identifiable '
'Information'},
'date_publicly_disclosed': '2025-10-24',
'description': 'Physicians to Children & Adolescents reported a '
'significant data breach caused by a ransomware '
'attack carried out by the group known as Cactus. '
'The breach exposed sensitive personally '
'identifiable information of 9,536 current and '
'former patients.',
'impact': {'brand_reputation_impact': None,
'conversion_rate_impact': None,
'customer_complaints': None,
'data_compromised': '902 GB of sensitive data',
'downtime': None,
'financial_loss': None,
'identity_theft_risk': 'High',
'legal_liabilities': None,
'operational_impact': None,
'payment_information_risk': None,
'revenue_loss': None,
'systems_affected': None},
'initial_access_broker': {'backdoors_established': None,
'data_sold_on_dark_web': None,
'entry_point': None,
'high_value_targets': None,
'reconnaissance_period': None},
'investigation_status': 'Under Investigation',
'post_incident_analysis': {'corrective_actions': None,
'root_causes': None},
'ransomware': {'data_encryption': None,
'data_exfiltration': 'Yes',
'ransom_demanded': None,
'ransom_paid': None,
'ransomware_strain': 'Cactus'},
'references': [{'date_accessed': None,
'source': 'Shamis & Gentile P.A.',
'url': None}],
'regulatory_compliance': {'fines_imposed': None,
'legal_actions': None,
'regulations_violated': None,
'regulatory_notifications': 'Reported '
'to U.S. '
'Department '
'of Health '
'and Human '
'Services'},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': None,
'containment_measures': None,
'enhanced_monitoring': None,
'incident_response_plan_activated': None,
'law_enforcement_notified': None,
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': None,
'remediation_measures': None,
'third_party_assistance': None},
'threat_actor': 'Cactus',
'title': 'Physicians to Children & Adolescents Data Breach',
'type': 'Data Breach, Ransomware'}