Active breach tracker Carrollton, Georgia Disclosed August 29, 2025

Carrollton Ear, Nose and Throat, PC Data Breach 2025: 3,569 Patients Exposed in INC Ransom Attack on Georgia ENT Practice

Carrollton Ear, Nose and Throat, PC, a Carrollton, Georgia ENT practice, was hit by the INC Ransom extortion group, which claimed the attack on its data-leak site on August 5, 2025. The practice filed a HIPAA breach notification with HHS OCR on August 29, 2025, reporting 3,569 affected individuals in a Hacking/IT Incident at Network Server. Plaintiff-side firms have opened class-action investigations; exposed data is reported to include names, Social Security numbers, and medical or health information.

You have options. Scroll for the exact action steps, what your provider’s response covers, and what your health data needs beyond credit monitoring.

By HealthConsent Editorial Last updated Sources & methodology

Timeline

Aug 5, 2025

INC Ransom extortion group adds Carrollton Ear, Nose and Throat to its data-leak site, publicly claiming responsibility

Aug 29, 2025

HIPAA breach notification filed with HHS Office for Civil Rights (3,569 individuals; Hacking/IT Incident at Network Server)

Sep 12, 2025

Federman & Sherwood publicly opens class-action data-breach investigation

Data exposed

01

High-risk identity

Enables financial + identity theft

Social Security numbers

03

Contact & insurance

Phishing + targeted scams

Names Medical or health information Other sensitive personal information
If you received a letter

Your action plan, in five steps.

You have more rights than the notification letter explains. Each step below is a concrete thing you can do today. Full detail and timing in the sections that follow.

01

Accept credit monitoring

It’s the floor of the response. Take it.

02

Freeze your credit

Free at Equifax, Experian, TransUnion.

03

File IRS Form 14039

Prevent fraudulent tax return under your SSN.

04

Review your EOBs

Insurance statements catch medical identity theft early.

05

Stop the ongoing flow

Credit monitoring doesn’t cover your health records. HealthConsent does.

Jump to step 5: protect my health data

Carrollton Ear, Nose and Throat, PC, an otolaryngology practice based in Carrollton, Georgia, filed a HIPAA breach notification with the U.S. Department of Health and Human Services Office for Civil Rights on August 29, 2025, reporting 3,569 affected individuals in a Hacking/IT Incident at a Network Server. The OCR filing is the federal regulatory record. Independent ransomware-tracking sources, including Ransomware.live and HookPhish, establish that the INC Ransom extortion group (also reported as incransom) posted Carrollton ENT to its data-leak site on August 5, 2025, publicly claiming responsibility for the intrusion. On September 12, 2025, plaintiff-side firm Federman & Sherwood opened a class-action investigation and identified the exposed data set as including names, Social Security numbers, medical or health information, and other sensitive personal information.

Timeline

  • August 5, 2025 — INC Ransom adds Carrollton Ear, Nose and Throat to its data-leak site, publicly claiming responsibility and signaling exfiltration of patient data. This is the earliest confirmed public indicator of the intrusion.
  • August 29, 2025 — Carrollton ENT files its HIPAA breach notification with HHS OCR for 3,569 individuals, characterized as a Hacking/IT Incident at Network Server.
  • September 12, 2025 — Federman & Sherwood publicly opens a data-breach investigation on behalf of potential class members and identifies names, Social Security numbers, and medical or health information as among the exposed data types.

What was exposed

Per the Federman & Sherwood investigation summary, the compromised data set is reported to include:

  • Names
  • Social Security numbers
  • Medical or health information
  • Other sensitive personal information

The combination of Social Security numbers with clinical or health information is consistent with INC Ransom’s typical exfiltration pattern against healthcare targets. The OCR portal entry, by itself, only confirms the breach as a Hacking/IT Incident at Network Server. The data-element list reflects plaintiff-side reporting; the entity’s own substitute notice or individual notification letter has not been verified at the time of this update.

What Carrollton ENT is offering

No public confirmation of credit-monitoring duration or identity-theft-protection services has been verified at the time of this update. Individual notification letters typically itemize the specific data elements exposed for each recipient and the terms of any complimentary monitoring offer. Treat the contents of your individual letter as authoritative for your particular exposure.

Class-action posture

Federman & Sherwood has publicly opened a data-breach investigation into Carrollton Ear, Nose and Throat, PC and is soliciting affected individuals for a potential class action. No filed complaint or settlement has been confirmed at this time. This page will be updated as docket activity becomes available.

What to do if you may be affected

  • Freeze your credit with Equifax, Experian, and TransUnion. With Social Security numbers reported to be exposed, a freeze is materially more protective than monitoring alone. It is free, reversible, and takes about ten minutes per bureau.
  • Watch for your individual notification letter. It will list the specific data elements exposed for you and any complimentary credit-monitoring offer. Enrollment codes are typically single-use.
  • Enroll in any monitoring offered. Even short-duration coverage is useful as an early-warning tripwire for misuse of your Social Security number.
  • Review your medical record and Explanations of Benefits. Medical or health information was reported as exposed. Check for services you did not receive, which can indicate medical identity theft.
  • Be alert to targeted phishing. Threat actors who know you are a Carrollton ENT patient and have your name and date of birth can craft highly convincing follow-on scams, including fake “settlement administrator” or “credit-monitoring” outreach. Do not provide payment or account details over the phone, and use only contact information from the official notification letter or the entity’s website.

Sources

Stop your data from spreading further

Credit monitoring covers your wallet. HealthConsent covers your health records.

Your stolen diagnoses, test results, and medical record numbers don’t expire when the free credit-monitoring window ends. HealthConsent automates HIPAA restriction requests and opt-outs across providers, insurers, HIEs, and prescription networks so the data taken in this breach can’t keep being shared and sold by other entities downstream.

Protect my health data

Cancel anytime · Family plan covers spouses + dependents

About this page

This page is compiled from public regulatory filings, the breached entity’s own disclosures, and reporting from established healthcare-privacy outlets. Some sections are assembled with the help of automated research and may contain errors, summaries that lag the underlying source, or details that have since been revised. Treat it as a starting point, not legal advice or an authoritative record. If you spot something inaccurate, the linked sources above are the canonical record. For questions about your individual situation, contact the breached entity directly or consult a licensed attorney.