Active breach tracker Raleigh & Greensboro, NC Disclosed November 7, 2025

Awakenings Center Data Breach 2025: 17,800 North Carolina Behavioral Health Patients Exposed. Couples & Sex Therapy Records. What To Do

Loving and Living Center, PC dba Awakenings Center, a Raleigh and Greensboro, North Carolina psychotherapy practice specializing in couples counseling, sex therapy, and individual mental health treatment, filed a HIPAA breach with HHS OCR on November 7, 2025 reporting 17,800 affected. Unauthorized access to electronic records exposed name, age, date of birth, gender, relationship status, employment status, city, and zip code. Multiple class-action investigations underway. Here is what to do.

You have options. Scroll for the exact action steps, what your provider’s response covers, and what your health data needs beyond credit monitoring.

By HealthConsent Editorial Last updated Sources & methodology

Timeline

Sep 10, 2025

Awakenings Center detects unauthorized access to its electronic records system

Sep 10, 2025

Attacker gained access

Nov 7, 2025

HIPAA breach notification filed with HHS OCR (17,800 affected; Hacking/IT Incident; Network Server)

Dec 8, 2025

Law firms publicly announce class-action investigations

Data exposed

01

High-risk identity

Enables financial + identity theft

Date of birth

02

Health records

Don't expire and can't be reissued

Protected health information from electronic clinical records (behavioral health, couples, and sex therapy context)

03

Contact & insurance

Phishing + targeted scams

Full name Age Gender Relationship status Employment status City ZIP code

Class actions filed by

These firms have publicly announced investigations. You may be eligible to join. We are not a law firm and cannot give legal advice.

Strauss Borrelli PLLC (publicly investigating) Lynch Carpenter LLP (publicly investigating) Levi & Korsinsky, LLP (publicly investigating)
If you received a letter

Your action plan, in five steps.

You have more rights than the notification letter explains. Each step below is a concrete thing you can do today. Full detail and timing in the sections that follow.

01

Accept credit monitoring

It’s the floor of the response. Take it.

02

Freeze your credit

Free at Equifax, Experian, TransUnion.

03

File IRS Form 14039

Prevent fraudulent tax return under your SSN.

04

Review your EOBs

Insurance statements catch medical identity theft early.

05

Stop the ongoing flow

Credit monitoring doesn’t cover your health records. HealthConsent does.

Jump to step 5: protect my health data

Loving and Living Center, PC, doing business as Awakenings Center, is a private psychotherapy practice with offices in Raleigh (9205 Baileywick Road, Suite 200) and Greensboro (216-2 South Swing Road), North Carolina. The practice specializes in couples counseling, sex therapy, anxiety treatment, depression therapy, and other individual mental health services. On November 7, 2025, the practice filed a HIPAA breach notification with the U.S. Department of Health and Human Services Office for Civil Rights reporting that 17,800 individuals had their personal and protected health information exposed in a Hacking/IT Incident classified at “Network Server.”

Timeline

  • On or about September 10, 2025 — Awakenings Center becomes aware that an unauthorized party accessed its electronic records system. The investigation finds the intruder may have acquired personally identifiable information and protected health information belonging to patients.
  • November 7, 2025 — The practice files notice of the breach with HHS OCR, reporting 17,800 affected individuals under Hacking/IT Incident at Network Server.
  • December 8, 2025 — Multiple plaintiffs’ firms publicly announce class-action investigations, including Strauss Borrelli PLLC, Lynch Carpenter LLP, and Levi & Korsinsky, LLP.

What was exposed

Per the entity’s own security notice and reporting from HIPAA Journal, the affected data elements include:

  • Full name
  • Age
  • Date of birth
  • Gender
  • Relationship status
  • Employment status
  • City
  • ZIP code

Awakenings has stated that no credit card or other financial information was involved. The exposure occurred from data fields inside the practice’s electronic clinical records system, which means the affected fields sit alongside (and are tied to) treatment records for couples, sex, and individual psychotherapy.

Why this breach is especially sensitive

This is a behavioral health breach where the contextual sensitivity outweighs what the field labels alone suggest. The exposed records sit inside an electronic system for a practice whose primary services are couples therapy, sex therapy, and treatment for anxiety, depression, and relationship-related mental health concerns. Mere identification as a patient of Awakenings Center reveals:

  • A patient is in psychotherapy
  • The likely treatment category (relationship distress, sexual health, individual mental health)
  • Demographic context (relationship status, employment status, age) that, combined with the practice’s clinical focus, can be inferentially diagnostic

Behavioral health PHI carries heightened stigma risk in employment, custody, immigration, and insurance contexts. Even where mental health records are not protected by the stricter federal regime of 42 CFR Part 2 (which governs substance use disorder programs), HIPAA still applies — and the contextual sensitivity is comparable.

What Awakenings Center is offering

The entity’s public security notice does not announce complimentary credit monitoring, identity-theft insurance, or a managed identity-recovery service. Patients who have received a written notification letter should read that letter carefully — any offer of monitoring services and the enrollment deadline will be stated there.

Contact information published by the practice:

Class-action posture

As of this update, no consolidated class-action complaint has been confirmed in the public record. Three plaintiffs’ firms are publicly investigating: Strauss Borrelli PLLC, Lynch Carpenter LLP, and Levi & Korsinsky, LLP. Behavioral health breaches of this size typically attract one or more consolidated complaints within several months of OCR filing, often citing common-law negligence, breach of fiduciary duty, and state consumer-protection statutes.

What to do if you may be affected

  1. Read your notification letter carefully when it arrives — it will state the specific data elements exposed for you individually and any complimentary services the practice may offer.
  2. Place free credit freezes at all three nationwide bureaus (Equifax, Experian, TransUnion). Even though no financial data was reported in the breach, freezes are the strongest single defense against downstream identity theft.
  3. Be alert to targeted phishing and extortion. Threat actors who exfiltrate behavioral health records sometimes attempt to extort individual patients directly. Do not respond to unsolicited communications referencing your treatment; report them to the FBI’s IC3 portal.
  4. Document the exposure. If you choose to participate in a class action, keep copies of your notification letter, any monitoring enrollment materials, and any follow-on harms (suspicious account activity, identity-theft attempts, targeted phishing).
  5. Stop the ongoing flow of your behavioral health data. HealthConsent files HIPAA restriction requests so the highly sensitive treatment information held in records like these is not continuously re-shared beyond your current treatment relationship.

Sources

Stop your data from spreading further

Credit monitoring covers your wallet. HealthConsent covers your health records.

Your stolen diagnoses, test results, and medical record numbers don’t expire when the free credit-monitoring window ends. HealthConsent automates HIPAA restriction requests and opt-outs across providers, insurers, HIEs, and prescription networks so the data taken in this breach can’t keep being shared and sold by other entities downstream.

Protect my health data

Cancel anytime · Family plan covers spouses + dependents

About this page

This page is compiled from public regulatory filings, the breached entity’s own disclosures, and reporting from established healthcare-privacy outlets. Some sections are assembled with the help of automated research and may contain errors, summaries that lag the underlying source, or details that have since been revised. Treat it as a starting point, not legal advice or an authoritative record. If you spot something inaccurate, the linked sources above are the canonical record. For questions about your individual situation, contact the breached entity directly or consult a licensed attorney.