Active breach tracker New Bern, NC Disclosed March 24, 2026

Coastal Carolina Health Care Data Breach 2026: 110,304 New Bern Patients Exposed. SSN in Scope. What To Do

Coastal Carolina Health Care, PA, a multi-specialty group based in New Bern, NC, disclosed in March 2026 a March 2025 network intrusion exposing names and Social Security numbers for 110,304 patients in Craven, Pamlico, and Carteret counties. 12 months Cyberscout credit monitoring + $1M identity theft insurance offered. Here is what to do.

You have options. Scroll for the exact action steps, what your provider’s response covers, and what your health data needs beyond credit monitoring.

By HealthConsent Editorial Last updated Sources & methodology

Timeline

Mar 21, 2025

Unauthorized access began

Mar 28, 2025

Unusual activity detected; FBI notified

Feb 26, 2026

Forensic review confirms PHI involvement

Mar 23, 2026

Individual notification letters mailed

Mar 24, 2026

Filed with HHS OCR and New Hampshire AG

Data exposed

01

High-risk identity

Enables financial + identity theft

Social Security number

03

Contact & insurance

Phishing + targeted scams

Full name

Class actions filed by

These firms have publicly announced investigations. You may be eligible to join. We are not a law firm and cannot give legal advice.

Zimmerman Law Office (publicly investigating) Vasquez Law Firm (publicly investigating)
If you received a letter

Your action plan, in five steps.

You have more rights than the notification letter explains. Each step below is a concrete thing you can do today. Full detail and timing in the sections that follow.

01

Accept credit monitoring

It’s the floor of the response. Take it.

02

Freeze your credit

Free at Equifax, Experian, TransUnion.

03

File IRS Form 14039

Prevent fraudulent tax return under your SSN.

04

Review your EOBs

Insurance statements catch medical identity theft early.

05

Stop the ongoing flow

Credit monitoring doesn’t cover your health records. HealthConsent does.

Jump to step 5: protect my health data

What happened

Coastal Carolina Health Care, PA (CCHC) is a multi-specialty physician group headquartered at 1020 Medical Park Avenue, New Bern, North Carolina. It serves patients across Craven, Pamlico, and Carteret counties on the North Carolina coast.

Between March 21 and March 27, 2025, an unauthorized third party accessed and acquired data from CCHC’s network. CCHC detected the unusual activity on March 28, 2025, engaged an independent cybersecurity firm, and notified the FBI. The forensic review took roughly 11 months. On February 26, 2026, the review confirmed the scope of affected individuals. CCHC mailed individual notification letters on March 23, 2026 and filed with the New Hampshire Attorney General and HHS Office for Civil Rights on March 24, 2026 — confirming 110,304 affected individuals (34 NH residents, 18 RI residents disclosed in state filings).

No ransomware group has claimed responsibility for the intrusion. No data tied specifically to CCHC has been observed on dark-web leak sites.

What was stolen

The notification letter confirms exposed data included full name and Social Security number. Specific clinical detail beyond that was redacted in the public sample letter and not corroborated in state AG filings.

What CCHC is offering

  • 12 months of complimentary credit monitoring + identity restoration via Cyberscout (TransUnion subsidiary)
  • $1,000,000 identity theft insurance policy
  • 90-day enrollment window from letter date
  • Enrollment URL: bfs.cyberscout.com/activate
  • Dedicated response line: 1-833-877-7488 (Monday to Friday, 8 a.m. to 8 p.m. Eastern)

What to do if you received a notification letter

  1. Enroll in Cyberscout before the 90-day window closes.
  2. Place free credit freezes at Equifax, Experian, and TransUnion.
  3. File IRS Form 14039 to prevent fraudulent tax-return filings.
  4. Review Explanation of Benefits statements for unfamiliar provider claims.
  5. Stop the ongoing flow of your health data. HealthConsent files HIPAA restriction requests across providers, insurers, HIEs, and prescription networks.

Continue reading

Stop your data from spreading further

Credit monitoring covers your wallet. HealthConsent covers your health records.

Your stolen diagnoses, test results, and medical record numbers don’t expire when the free credit-monitoring window ends. HealthConsent automates HIPAA restriction requests and opt-outs across providers, insurers, HIEs, and prescription networks so the data taken in this breach can’t keep being shared and sold by other entities downstream.

Protect my health data

Cancel anytime · Family plan covers spouses + dependents

About this page

This page is compiled from public regulatory filings, the breached entity’s own disclosures, and reporting from established healthcare-privacy outlets. Some sections are assembled with the help of automated research and may contain errors, summaries that lag the underlying source, or details that have since been revised. Treat it as a starting point, not legal advice or an authoritative record. If you spot something inaccurate, the linked sources above are the canonical record. For questions about your individual situation, contact the breached entity directly or consult a licensed attorney.