Coastal Carolina Health Care Data Breach 2026: 110,304 New Bern Patients Exposed. SSN in Scope. What To Do
Coastal Carolina Health Care, PA, a multi-specialty group based in New Bern, NC, disclosed in March 2026 a March 2025 network intrusion exposing names and Social Security numbers for 110,304 patients in Craven, Pamlico, and Carteret counties. 12 months Cyberscout credit monitoring + $1M identity theft insurance offered. Here is what to do.
You have options. Scroll for the exact action steps, what your provider’s response covers, and what your health data needs beyond credit monitoring.
Timeline
Mar 21, 2025
Unauthorized access began
Mar 28, 2025
Unusual activity detected; FBI notified
Feb 26, 2026
Forensic review confirms PHI involvement
Mar 23, 2026
Individual notification letters mailed
Mar 24, 2026
Filed with HHS OCR and New Hampshire AG
Mar 21, 2025
Unauthorized access began
Mar 28, 2025
Unusual activity detected; FBI notified
Feb 26, 2026
Forensic review confirms PHI involvement
Mar 23, 2026
Individual notification letters mailed
Mar 24, 2026
Filed with HHS OCR and New Hampshire AG
Data exposed
01
High-risk identity
Enables financial + identity theft
03
Contact & insurance
Phishing + targeted scams
Class actions filed by
These firms have publicly announced investigations. You may be eligible to join. We are not a law firm and cannot give legal advice.
Your action plan, in five steps.
You have more rights than the notification letter explains. Each step below is a concrete thing you can do today. Full detail and timing in the sections that follow.
01
Accept credit monitoring
It’s the floor of the response. Take it.
02
Freeze your credit
Free at Equifax, Experian, TransUnion.
03
File IRS Form 14039
Prevent fraudulent tax return under your SSN.
04
Review your EOBs
Insurance statements catch medical identity theft early.
05
Stop the ongoing flow
Credit monitoring doesn’t cover your health records. HealthConsent does.
What happened
Coastal Carolina Health Care, PA (CCHC) is a multi-specialty physician group headquartered at 1020 Medical Park Avenue, New Bern, North Carolina. It serves patients across Craven, Pamlico, and Carteret counties on the North Carolina coast.
Between March 21 and March 27, 2025, an unauthorized third party accessed and acquired data from CCHC’s network. CCHC detected the unusual activity on March 28, 2025, engaged an independent cybersecurity firm, and notified the FBI. The forensic review took roughly 11 months. On February 26, 2026, the review confirmed the scope of affected individuals. CCHC mailed individual notification letters on March 23, 2026 and filed with the New Hampshire Attorney General and HHS Office for Civil Rights on March 24, 2026 — confirming 110,304 affected individuals (34 NH residents, 18 RI residents disclosed in state filings).
No ransomware group has claimed responsibility for the intrusion. No data tied specifically to CCHC has been observed on dark-web leak sites.
What was stolen
The notification letter confirms exposed data included full name and Social Security number. Specific clinical detail beyond that was redacted in the public sample letter and not corroborated in state AG filings.
What CCHC is offering
- 12 months of complimentary credit monitoring + identity restoration via Cyberscout (TransUnion subsidiary)
- $1,000,000 identity theft insurance policy
- 90-day enrollment window from letter date
- Enrollment URL:
bfs.cyberscout.com/activate - Dedicated response line: 1-833-877-7488 (Monday to Friday, 8 a.m. to 8 p.m. Eastern)
What to do if you received a notification letter
- Enroll in Cyberscout before the 90-day window closes.
- Place free credit freezes at Equifax, Experian, and TransUnion.
- File IRS Form 14039 to prevent fraudulent tax-return filings.
- Review Explanation of Benefits statements for unfamiliar provider claims.
- Stop the ongoing flow of your health data. HealthConsent files HIPAA restriction requests across providers, insurers, HIEs, and prescription networks.
Continue reading
Credit monitoring covers your wallet. HealthConsent covers your health records.
Your stolen diagnoses, test results, and medical record numbers don’t expire when the free credit-monitoring window ends. HealthConsent automates HIPAA restriction requests and opt-outs across providers, insurers, HIEs, and prescription networks so the data taken in this breach can’t keep being shared and sold by other entities downstream.
Protect my health dataCancel anytime · Family plan covers spouses + dependents
Sources & further reading
- Sample Notification Letter
- New Hampshire AG: Coastal Carolina Filing
- HIPAA Journal: Six New Healthcare Data Breaches
- ClassAction.org: Coastal Carolina Health Care Case Page
- Coastal Carolina Health Care About Page
- HHS OCR Breach Portal
Official HHS OCR Breach Portal: ocrportal.hhs.gov
About this page
This page is compiled from public regulatory filings, the breached entity’s own disclosures, and reporting from established healthcare-privacy outlets. Some sections are assembled with the help of automated research and may contain errors, summaries that lag the underlying source, or details that have since been revised. Treat it as a starting point, not legal advice or an authoritative record. If you spot something inaccurate, the linked sources above are the canonical record. For questions about your individual situation, contact the breached entity directly or consult a licensed attorney.