Awakenings Center Data Breach 2025: 17,800 North Carolina Behavioral Health Patients Exposed. Couples & Sex Therapy Records. What To Do
Loving and Living Center, PC dba Awakenings Center, a Raleigh and Greensboro, North Carolina psychotherapy practice specializing in couples counseling, sex therapy, and individual mental health treatment, filed a HIPAA breach with HHS OCR on November 7, 2025 reporting 17,800 affected. Unauthorized access to electronic records exposed name, age, date of birth, gender, relationship status, employment status, city, and zip code. Multiple class-action investigations underway. Here is what to do.
You have options. Scroll for the exact action steps, what your provider’s response covers, and what your health data needs beyond credit monitoring.
Timeline
Sep 10, 2025
Awakenings Center detects unauthorized access to its electronic records system
Sep 10, 2025
Attacker gained access
Nov 7, 2025
HIPAA breach notification filed with HHS OCR (17,800 affected; Hacking/IT Incident; Network Server)
Dec 8, 2025
Law firms publicly announce class-action investigations
Sep 10, 2025
Awakenings Center detects unauthorized access to its electronic records system
Sep 10, 2025
Attacker gained access
Nov 7, 2025
HIPAA breach notification filed with HHS OCR (17,800 affected; Hacking/IT Incident; Network Server)
Dec 8, 2025
Law firms publicly announce class-action investigations
Data exposed
01
High-risk identity
Enables financial + identity theft
02
Health records
Don't expire and can't be reissued
03
Contact & insurance
Phishing + targeted scams
Class actions filed by
These firms have publicly announced investigations. You may be eligible to join. We are not a law firm and cannot give legal advice.
Your action plan, in five steps.
You have more rights than the notification letter explains. Each step below is a concrete thing you can do today. Full detail and timing in the sections that follow.
01
Accept credit monitoring
It’s the floor of the response. Take it.
02
Freeze your credit
Free at Equifax, Experian, TransUnion.
03
File IRS Form 14039
Prevent fraudulent tax return under your SSN.
04
Review your EOBs
Insurance statements catch medical identity theft early.
05
Stop the ongoing flow
Credit monitoring doesn’t cover your health records. HealthConsent does.
Loving and Living Center, PC, doing business as Awakenings Center, is a private psychotherapy practice with offices in Raleigh (9205 Baileywick Road, Suite 200) and Greensboro (216-2 South Swing Road), North Carolina. The practice specializes in couples counseling, sex therapy, anxiety treatment, depression therapy, and other individual mental health services. On November 7, 2025, the practice filed a HIPAA breach notification with the U.S. Department of Health and Human Services Office for Civil Rights reporting that 17,800 individuals had their personal and protected health information exposed in a Hacking/IT Incident classified at “Network Server.”
Timeline
- On or about September 10, 2025 — Awakenings Center becomes aware that an unauthorized party accessed its electronic records system. The investigation finds the intruder may have acquired personally identifiable information and protected health information belonging to patients.
- November 7, 2025 — The practice files notice of the breach with HHS OCR, reporting 17,800 affected individuals under Hacking/IT Incident at Network Server.
- December 8, 2025 — Multiple plaintiffs’ firms publicly announce class-action investigations, including Strauss Borrelli PLLC, Lynch Carpenter LLP, and Levi & Korsinsky, LLP.
What was exposed
Per the entity’s own security notice and reporting from HIPAA Journal, the affected data elements include:
- Full name
- Age
- Date of birth
- Gender
- Relationship status
- Employment status
- City
- ZIP code
Awakenings has stated that no credit card or other financial information was involved. The exposure occurred from data fields inside the practice’s electronic clinical records system, which means the affected fields sit alongside (and are tied to) treatment records for couples, sex, and individual psychotherapy.
Why this breach is especially sensitive
This is a behavioral health breach where the contextual sensitivity outweighs what the field labels alone suggest. The exposed records sit inside an electronic system for a practice whose primary services are couples therapy, sex therapy, and treatment for anxiety, depression, and relationship-related mental health concerns. Mere identification as a patient of Awakenings Center reveals:
- A patient is in psychotherapy
- The likely treatment category (relationship distress, sexual health, individual mental health)
- Demographic context (relationship status, employment status, age) that, combined with the practice’s clinical focus, can be inferentially diagnostic
Behavioral health PHI carries heightened stigma risk in employment, custody, immigration, and insurance contexts. Even where mental health records are not protected by the stricter federal regime of 42 CFR Part 2 (which governs substance use disorder programs), HIPAA still applies — and the contextual sensitivity is comparable.
What Awakenings Center is offering
The entity’s public security notice does not announce complimentary credit monitoring, identity-theft insurance, or a managed identity-recovery service. Patients who have received a written notification letter should read that letter carefully — any offer of monitoring services and the enrollment deadline will be stated there.
Contact information published by the practice:
- Phone: (800) 701-4125
- Email: [email protected]
Class-action posture
As of this update, no consolidated class-action complaint has been confirmed in the public record. Three plaintiffs’ firms are publicly investigating: Strauss Borrelli PLLC, Lynch Carpenter LLP, and Levi & Korsinsky, LLP. Behavioral health breaches of this size typically attract one or more consolidated complaints within several months of OCR filing, often citing common-law negligence, breach of fiduciary duty, and state consumer-protection statutes.
What to do if you may be affected
- Read your notification letter carefully when it arrives — it will state the specific data elements exposed for you individually and any complimentary services the practice may offer.
- Place free credit freezes at all three nationwide bureaus (Equifax, Experian, TransUnion). Even though no financial data was reported in the breach, freezes are the strongest single defense against downstream identity theft.
- Be alert to targeted phishing and extortion. Threat actors who exfiltrate behavioral health records sometimes attempt to extort individual patients directly. Do not respond to unsolicited communications referencing your treatment; report them to the FBI’s IC3 portal.
- Document the exposure. If you choose to participate in a class action, keep copies of your notification letter, any monitoring enrollment materials, and any follow-on harms (suspicious account activity, identity-theft attempts, targeted phishing).
- Stop the ongoing flow of your behavioral health data. HealthConsent files HIPAA restriction requests so the highly sensitive treatment information held in records like these is not continuously re-shared beyond your current treatment relationship.
Sources
- Awakenings Counseling: Security Notice — the practice’s own published notice.
- HIPAA Journal: Davies, McFarland & Carroll; Awakenings Center Data Breaches — trade-press reporting confirming the 17,800 count and the legal entity name.
- Strauss Borrelli PLLC: Awakenings Center Data Breach Investigation — class-action investigation announcement and timeline detail (September 10, 2025 access; November 7, 2025 OCR filing).
- Lynch Carpenter LLP via GlobeNewswire — class-action investigation announcement.
- Levi & Korsinsky, LLP via AccessWire — class-action investigation announcement.
- HHS Office for Civil Rights Breach Portal — the federal regulatory record of this breach.
Credit monitoring covers your wallet. HealthConsent covers your health records.
Your stolen diagnoses, test results, and medical record numbers don’t expire when the free credit-monitoring window ends. HealthConsent automates HIPAA restriction requests and opt-outs across providers, insurers, HIEs, and prescription networks so the data taken in this breach can’t keep being shared and sold by other entities downstream.
Protect my health dataCancel anytime · Family plan covers spouses + dependents
Sources & further reading
- Awakenings Counseling: Security Notice (entity's own notice)
- HIPAA Journal: Davies, McFarland & Carroll; Awakenings Center Data Breaches
- Strauss Borrelli PLLC: Awakenings Center Data Breach Investigation
- Lynch Carpenter LLP via GlobeNewswire: Awakenings Center Data Breach Claims Investigated
- Levi & Korsinsky, LLP via AccessWire: Awakenings Center Data Breach Investigation
- HHS Office for Civil Rights Breach Portal
Official HHS OCR Breach Portal: ocrportal.hhs.gov
About this page
This page is compiled from public regulatory filings, the breached entity’s own disclosures, and reporting from established healthcare-privacy outlets. Some sections are assembled with the help of automated research and may contain errors, summaries that lag the underlying source, or details that have since been revised. Treat it as a starting point, not legal advice or an authoritative record. If you spot something inaccurate, the linked sources above are the canonical record. For questions about your individual situation, contact the breached entity directly or consult a licensed attorney.