Carrollton Ear, Nose and Throat, PC Data Breach 2025: 3,569 Patients Exposed in INC Ransom Attack on Georgia ENT Practice
Carrollton Ear, Nose and Throat, PC, a Carrollton, Georgia ENT practice, was hit by the INC Ransom extortion group, which claimed the attack on its data-leak site on August 5, 2025. The practice filed a HIPAA breach notification with HHS OCR on August 29, 2025, reporting 3,569 affected individuals in a Hacking/IT Incident at Network Server. Plaintiff-side firms have opened class-action investigations; exposed data is reported to include names, Social Security numbers, and medical or health information.
You have options. Scroll for the exact action steps, what your provider’s response covers, and what your health data needs beyond credit monitoring.
Timeline
Aug 5, 2025
INC Ransom extortion group adds Carrollton Ear, Nose and Throat to its data-leak site, publicly claiming responsibility
Aug 29, 2025
HIPAA breach notification filed with HHS Office for Civil Rights (3,569 individuals; Hacking/IT Incident at Network Server)
Sep 12, 2025
Federman & Sherwood publicly opens class-action data-breach investigation
Aug 5, 2025
INC Ransom extortion group adds Carrollton Ear, Nose and Throat to its data-leak site, publicly claiming responsibility
Aug 29, 2025
HIPAA breach notification filed with HHS Office for Civil Rights (3,569 individuals; Hacking/IT Incident at Network Server)
Sep 12, 2025
Federman & Sherwood publicly opens class-action data-breach investigation
Data exposed
01
High-risk identity
Enables financial + identity theft
03
Contact & insurance
Phishing + targeted scams
Your action plan, in five steps.
You have more rights than the notification letter explains. Each step below is a concrete thing you can do today. Full detail and timing in the sections that follow.
01
Accept credit monitoring
It’s the floor of the response. Take it.
02
Freeze your credit
Free at Equifax, Experian, TransUnion.
03
File IRS Form 14039
Prevent fraudulent tax return under your SSN.
04
Review your EOBs
Insurance statements catch medical identity theft early.
05
Stop the ongoing flow
Credit monitoring doesn’t cover your health records. HealthConsent does.
Carrollton Ear, Nose and Throat, PC, an otolaryngology practice based in Carrollton, Georgia, filed a HIPAA breach notification with the U.S. Department of Health and Human Services Office for Civil Rights on August 29, 2025, reporting 3,569 affected individuals in a Hacking/IT Incident at a Network Server. The OCR filing is the federal regulatory record. Independent ransomware-tracking sources, including Ransomware.live and HookPhish, establish that the INC Ransom extortion group (also reported as incransom) posted Carrollton ENT to its data-leak site on August 5, 2025, publicly claiming responsibility for the intrusion. On September 12, 2025, plaintiff-side firm Federman & Sherwood opened a class-action investigation and identified the exposed data set as including names, Social Security numbers, medical or health information, and other sensitive personal information.
Timeline
- August 5, 2025 — INC Ransom adds Carrollton Ear, Nose and Throat to its data-leak site, publicly claiming responsibility and signaling exfiltration of patient data. This is the earliest confirmed public indicator of the intrusion.
- August 29, 2025 — Carrollton ENT files its HIPAA breach notification with HHS OCR for 3,569 individuals, characterized as a Hacking/IT Incident at Network Server.
- September 12, 2025 — Federman & Sherwood publicly opens a data-breach investigation on behalf of potential class members and identifies names, Social Security numbers, and medical or health information as among the exposed data types.
What was exposed
Per the Federman & Sherwood investigation summary, the compromised data set is reported to include:
- Names
- Social Security numbers
- Medical or health information
- Other sensitive personal information
The combination of Social Security numbers with clinical or health information is consistent with INC Ransom’s typical exfiltration pattern against healthcare targets. The OCR portal entry, by itself, only confirms the breach as a Hacking/IT Incident at Network Server. The data-element list reflects plaintiff-side reporting; the entity’s own substitute notice or individual notification letter has not been verified at the time of this update.
What Carrollton ENT is offering
No public confirmation of credit-monitoring duration or identity-theft-protection services has been verified at the time of this update. Individual notification letters typically itemize the specific data elements exposed for each recipient and the terms of any complimentary monitoring offer. Treat the contents of your individual letter as authoritative for your particular exposure.
Class-action posture
Federman & Sherwood has publicly opened a data-breach investigation into Carrollton Ear, Nose and Throat, PC and is soliciting affected individuals for a potential class action. No filed complaint or settlement has been confirmed at this time. This page will be updated as docket activity becomes available.
What to do if you may be affected
- Freeze your credit with Equifax, Experian, and TransUnion. With Social Security numbers reported to be exposed, a freeze is materially more protective than monitoring alone. It is free, reversible, and takes about ten minutes per bureau.
- Watch for your individual notification letter. It will list the specific data elements exposed for you and any complimentary credit-monitoring offer. Enrollment codes are typically single-use.
- Enroll in any monitoring offered. Even short-duration coverage is useful as an early-warning tripwire for misuse of your Social Security number.
- Review your medical record and Explanations of Benefits. Medical or health information was reported as exposed. Check for services you did not receive, which can indicate medical identity theft.
- Be alert to targeted phishing. Threat actors who know you are a Carrollton ENT patient and have your name and date of birth can craft highly convincing follow-on scams, including fake “settlement administrator” or “credit-monitoring” outreach. Do not provide payment or account details over the phone, and use only contact information from the official notification letter or the entity’s website.
Sources
- HHS Office for Civil Rights Breach Portal — federal regulatory record (filing dated 2025-08-29, 3,569 individuals, Hacking/IT Incident, Network Server).
- Federman & Sherwood — Carrollton Ear, Nose and Throat, PC Data Breach Investigation — exposed-data list (names, Social Security numbers, medical or health information), investigation announcement dated September 12, 2025.
- Ransomware.live — Carrollton Ear Nose and Throat (INC Ransom victim record) — INC Ransom attribution and leak-site claim date of August 5, 2025.
- HookPhish — Ransomware Group incransom Hits: Carrollton Ear Nose and Throat — corroborating INC Ransom attribution and August 5, 2025 claim date.
- Dark Web Informer — INC Ransom Claim on Carrollton Ear Nose and Throat — independent confirmation of INC Ransom leak-site posting.
Credit monitoring covers your wallet. HealthConsent covers your health records.
Your stolen diagnoses, test results, and medical record numbers don’t expire when the free credit-monitoring window ends. HealthConsent automates HIPAA restriction requests and opt-outs across providers, insurers, HIEs, and prescription networks so the data taken in this breach can’t keep being shared and sold by other entities downstream.
Protect my health dataCancel anytime · Family plan covers spouses + dependents
Sources & further reading
- HHS Office for Civil Rights Breach Portal
- Federman & Sherwood — Carrollton Ear, Nose and Throat, PC Data Breach Investigation
- Ransomware.live — Carrollton Ear Nose and Throat (INC Ransom victim record)
- HookPhish — Ransomware Group incransom Hits: Carrollton Ear Nose and Throat
- Dark Web Informer — INC Ransom Claim on Carrollton Ear Nose and Throat
Official HHS OCR Breach Portal: ocrportal.hhs.gov
About this page
This page is compiled from public regulatory filings, the breached entity’s own disclosures, and reporting from established healthcare-privacy outlets. Some sections are assembled with the help of automated research and may contain errors, summaries that lag the underlying source, or details that have since been revised. Treat it as a starting point, not legal advice or an authoritative record. If you spot something inaccurate, the linked sources above are the canonical record. For questions about your individual situation, contact the breached entity directly or consult a licensed attorney.