Anesthesia Associates of Morristown Data Breach 2025: 34,675 Affected by Improper Disposal of Paper Records
Anesthesia Associates of Morristown, P.A. (Morristown, NJ) filed a HIPAA breach notification with HHS OCR on May 2, 2025 reporting 34,675 individuals affected by an Improper Disposal incident involving Paper/Films. A business associate was involved. No entity notice, NJ AG filing, or class action has surfaced as of mid-May 2026. Here is what is known and what to do.
You have options. Scroll for the exact action steps, what your provider’s response covers, and what your health data needs beyond credit monitoring.
Timeline
May 2, 2025
HHS OCR breach report filed (Improper Disposal at Paper/Films; business associate present)
May 2, 2025
HHS OCR breach report filed (Improper Disposal at Paper/Films; business associate present)
Data exposed
03
Contact & insurance
Phishing + targeted scams
Your action plan, in five steps.
You have more rights than the notification letter explains. Each step below is a concrete thing you can do today. Full detail and timing in the sections that follow.
01
Accept credit monitoring
It’s the floor of the response. Take it.
02
Freeze your credit
Free at Equifax, Experian, TransUnion.
03
File IRS Form 14039
Prevent fraudulent tax return under your SSN.
04
Review your EOBs
Insurance statements catch medical identity theft early.
05
Stop the ongoing flow
Credit monitoring doesn’t cover your health records. HealthConsent does.
This is a paper-record improper-disposal incident, not a cyber attack. The HHS OCR portal classifies the breach as Improper Disposal at Paper/Films, with a business associate involved. That means physical patient records (charts, forms, films) were discarded, lost, or otherwise mishandled outside a secure shredding or destruction chain. No hacker, ransomware group, or network intrusion is alleged.
Timeline
- May 2, 2025 — Anesthesia Associates of Morristown, P.A. filed a HIPAA breach report with the HHS Office for Civil Rights, classified as Improper Disposal at location Paper/Films, business associate present: Yes. The initial public count was an interim placeholder; the figure now stands at 34,675 affected individuals.
The actual date the records were mishandled, and the date AAM discovered the disposal failure, have not been publicly disclosed beyond the May 2, 2025 OCR filing date.
What was exposed
The OCR portal entry itemizes only the location of the breached PHI (“Paper/Films”), not the data elements. AAM has not published a substitute notice or sample notification letter naming specific categories.
For an anesthesiology practice, the records most commonly held on paper or film include patient demographics, dates of service, anesthesia consent forms, anesthesia records (drugs, doses, vitals), pre-op evaluations, and billing identifiers. None of those categories are confirmed for this incident. Wait for your notification letter for the specific list.
What entity is offering
No public substitute notice or website incident page has been located on anesthesiaassociatesofmorristown.com. Affected patients should expect a mailed notification letter to the address on file. AAM’s published contact channels are:
- Phone: (973) 631-8119 (use the extension prompts)
- Mail: Anesthesia Associates of Morristown, P.O. Box 65, Convent Station, NJ 07961
Whether complimentary credit monitoring or identity-theft restoration is being offered is not public. The notification letter will state this.
Class-action posture
No class-action complaint has been located in the District of New Jersey or in state court as of mid-May 2026. No plaintiffs’ firm investigation announcement has surfaced from the firms that typically circle healthcare breaches of this size. Improper-disposal cases generate fewer class actions than hacking incidents because plaintiffs must show actual disclosure to a third party rather than presumed exposure to attackers. A 34,675-person count sits well above the threshold that usually draws plaintiffs’ interest, so this posture may change.
What to do
- Watch your mailbox for a notification letter from Anesthesia Associates of Morristown. Improper-disposal letters often arrive months after the OCR filing because the entity must reconstruct who was in the discarded records.
- Read the letter carefully. It will list the specific data elements involved in your records, the approximate dates of service covered, and any credit-monitoring or identity-protection offer.
- Place free credit freezes at Equifax, Experian, and TransUnion as a baseline precaution. This is the highest-leverage step against identity theft and it is free.
- Pull free credit reports at
annualcreditreport.comand review for unfamiliar accounts. - If you had anesthesia at a hospital served by AAM and never receive a letter, call (973) 631-8119 to confirm whether your records were in scope.
- Stop the ongoing flow of your records. HealthConsent files HIPAA restriction requests with healthcare providers, including limits on third-party records-destruction vendors, to reduce future disposal-chain risk.
Sources
- HHS Office for Civil Rights Breach Portal — federal regulatory record (Improper Disposal, Paper/Films, business associate present).
- Anesthesia Associates of Morristown — practice homepage — published contact channels.
- calHIPAA Healthcare Data Breach Report for May 2025 — corroborates the Improper Disposal classification and notes the initial 501 figure was an interim placeholder pending investigation.
- ClaimDepot summary — third-party aggregator summary of the OCR filing and AAM contact information.
Credit monitoring covers your wallet. HealthConsent covers your health records.
Your stolen diagnoses, test results, and medical record numbers don’t expire when the free credit-monitoring window ends. HealthConsent automates HIPAA restriction requests and opt-outs across providers, insurers, HIEs, and prescription networks so the data taken in this breach can’t keep being shared and sold by other entities downstream.
Protect my health dataCancel anytime · Family plan covers spouses + dependents
Sources & further reading
- HHS Office for Civil Rights Breach Portal (primary source)
- Anesthesia Associates of Morristown — practice homepage
- calHIPAA Healthcare Data Breach Report for May 2025 (lists AAM as Improper Disposal with interim placeholder count)
- ClaimDepot summary — Anesthesia Associates of Morristown
Official HHS OCR Breach Portal: ocrportal.hhs.gov
About this page
This page is compiled from public regulatory filings, the breached entity’s own disclosures, and reporting from established healthcare-privacy outlets. Some sections are assembled with the help of automated research and may contain errors, summaries that lag the underlying source, or details that have since been revised. Treat it as a starting point, not legal advice or an authoritative record. If you spot something inaccurate, the linked sources above are the canonical record. For questions about your individual situation, contact the breached entity directly or consult a licensed attorney.