Medical Center, LLP (Dublin Medical Center) Data Breach 2025: 32,090 Georgia Primary-Care Patients Exposed. SSN + Full Clinical Record in Scope. What To Do
Medical Center, LLP d/b/a Dublin Medical Center, a primary-care family-medicine practice in Dublin, Georgia, detected suspicious network activity on October 17, 2025 and filed a hacking/IT incident with HHS OCR on December 19, 2025 affecting 32,090 patients. Unauthorized access began October 7, 2025. Names, Social Security numbers, driver's license numbers, full medical records, radiology imaging, lab reports, medical consent forms, and health insurance information exfiltrated. Class-action filed in Laurens County Superior Court. Here is what to do.
You have options. Scroll for the exact action steps, what your provider’s response covers, and what your health data needs beyond credit monitoring.
Timeline
Oct 7, 2025
Unauthorized third party gains access to network
Oct 17, 2025
Suspicious activity detected on Dublin Medical Center network
Dec 9, 2025
Class-action complaint filed: Patisaul v. Medical Center, LLP (Laurens County Superior Court, 25-CG-0986-JG)
Dec 17, 2025
Individual notification letters mailed to affected patients
Dec 19, 2025
Filed with HHS Office for Civil Rights as 'Medical Center, LLP' — 32,090 affected
Oct 7, 2025
Unauthorized third party gains access to network
Oct 17, 2025
Suspicious activity detected on Dublin Medical Center network
Dec 9, 2025
Class-action complaint filed: Patisaul v. Medical Center, LLP (Laurens County Superior Court, 25-CG-0986-JG)
Dec 17, 2025
Individual notification letters mailed to affected patients
Dec 19, 2025
Filed with HHS Office for Civil Rights as 'Medical Center, LLP' — 32,090 affected
Data exposed
01
High-risk identity
Enables financial + identity theft
02
Health records
Don't expire and can't be reissued
03
Contact & insurance
Phishing + targeted scams
Class actions filed by
These firms have publicly announced investigations. You may be eligible to join. We are not a law firm and cannot give legal advice.
Your action plan, in five steps.
You have more rights than the notification letter explains. Each step below is a concrete thing you can do today. Full detail and timing in the sections that follow.
01
Accept credit monitoring
It’s the floor of the response. Take it.
02
Freeze your credit
Free at Equifax, Experian, TransUnion.
03
File IRS Form 14039
Prevent fraudulent tax return under your SSN.
04
Review your EOBs
Insurance statements catch medical identity theft early.
05
Stop the ongoing flow
Credit monitoring doesn’t cover your health records. HealthConsent does.
Medical Center, LLP, doing business as Dublin Medical Center, is a primary-care family-medicine practice in Dublin, Georgia (Laurens County, central Georgia) that confirmed a hacking/IT incident exposing the full clinical records of 32,090 patients, with notification letters mailed on December 17, 2025 and the breach filed with HHS OCR on December 19, 2025.
Timeline
- October 7, 2025 — An unauthorized third party gained access to Dublin Medical Center’s network.
- October 17, 2025 — The practice detected suspicious activity on its computer network and began an investigation.
- December 9, 2025 — A putative class-action complaint, Tammy Patisaul v. Medical Center, LLP d/b/a Dublin Medical Center, was filed in the Superior Court of Laurens County, Georgia (Case No. 25-CG-0986-JG).
- December 17, 2025 — Individual notification letters began being mailed to affected patients.
- December 19, 2025 — The incident was reported to the HHS Office for Civil Rights under the name “Medical Center, LLP” as a hacking/IT incident on a network server, affecting 32,090 individuals.
What was exposed
Per the substitute notice and HIPAA Journal’s reporting, the data types varied by individual and included names in combination with some or all of the following:
- Contact information (address, phone)
- Date of birth
- Social Security number
- Driver’s license number
- Account numbers and claim numbers
- Patient identification number
- Patient status, provider name, dates of service
- Diagnosis and treatment information
- Prescriptions
- Medical history
- Radiology imaging and reports
- Medical consent forms
- Lab reports
- Health insurance information
The combination of full Social Security number, driver’s license number, and complete clinical detail (including imaging and consent forms) places this breach in the high-severity tier for downstream identity theft, medical identity theft, and insurance fraud.
What entity is offering
Dublin Medical Center’s public response, as reported by HIPAA Journal and ClaimDepot, has been notably limited:
- A toll-free response line (888-367-0574, per HIPAA Journal; 888-367-4574 per ClaimDepot — affected patients should rely on the number printed in their individual notification letter).
- Recommendations to “remain vigilant” by reviewing account statements, ordering free annual credit reports, and reviewing explanation-of-benefits statements.
- Recommendations to consider a fraud alert or security freeze on credit files through the major consumer reporting agencies.
Public reporting does not confirm that Dublin Medical Center is providing complimentary credit monitoring or identity-theft insurance to affected patients. That is a notable omission given Social Security numbers and driver’s license numbers are in scope. Affected individuals should consult their specific notification letter for any enrollment offer.
Class-action posture
A putative class-action complaint was filed in the Superior Court of Laurens County, Georgia on December 9, 2025, eight days before the practice mailed notification letters, under the caption Tammy Patisaul v. Medical Center, LLP d/b/a Dublin Medical Center, Case No. 25-CG-0986-JG. The case is docketed in the Laurens County state court system and tracked publicly on Trellis.law.
In parallel, two national plaintiff firms have publicly announced investigations of potential claims:
- Federman & Sherwood (Oklahoma City), announced January 22, 2026.
- Lynch Carpenter LLP, announced January 14, 2026 via GlobeNewswire press release.
Both firms are evaluating whether the practice implemented reasonable data-security safeguards prior to the intrusion.
What to do
- Place free credit freezes at Equifax, Experian, and TransUnion. Full SSN and driver’s license are in scope. A freeze, not a fraud alert, is the appropriate response.
- File IRS Form 14039 (Identity Theft Affidavit) to block fraudulent tax-return filings tied to your SSN.
- Replace your driver’s license if you receive any evidence it has been used fraudulently. Georgia DDS will issue a new number on request when identity theft is documented.
- Review every Explanation of Benefits statement for the next 24 months for unfamiliar provider claims. Medical identity theft is the primary downstream harm when full clinical records (imaging, prescriptions, diagnoses) are exfiltrated.
- Request a copy of your medical record from Dublin Medical Center and any provider it has shared records with, so you have a baseline to dispute fraudulent additions.
- Stop the ongoing flow of your health data. HealthConsent files HIPAA restriction requests across providers, insurers, HIEs, and prescription networks so a breached practice’s exposure does not propagate.
Sources
- HIPAA Journal: Vida Y Salud & Dublin Medical Center Confirm Data Breaches
- Federman & Sherwood: Medical Center, LLP Data Breach Investigation
- Lynch Carpenter LLP via GlobeNewswire (Jan 14, 2026)
- ClaimDepot: Dublin Medical Center Breach Summary
- Trellis.law: Patisaul v. Medical Center, LLP d/b/a Dublin Medical Center (25-CG-0986-JG, Laurens County Superior Court)
- Dublin Medical Center — Practice Website
- HHS OCR Breach Portal
Continue reading
Credit monitoring covers your wallet. HealthConsent covers your health records.
Your stolen diagnoses, test results, and medical record numbers don’t expire when the free credit-monitoring window ends. HealthConsent automates HIPAA restriction requests and opt-outs across providers, insurers, HIEs, and prescription networks so the data taken in this breach can’t keep being shared and sold by other entities downstream.
Protect my health dataCancel anytime · Family plan covers spouses + dependents
Sources & further reading
- HIPAA Journal: Vida Y Salud & Dublin Medical Center Confirm Data Breaches
- Federman & Sherwood: Medical Center, LLP Data Breach Investigation
- Lynch Carpenter LLP: Medical Center, LLP Data Breach Claims (GlobeNewswire, Jan 14 2026)
- ClaimDepot: Dublin Medical Center Breach Summary
- Trellis.law: Patisaul v. Medical Center, LLP d/b/a Dublin Medical Center (25-CG-0986-JG)
- Dublin Medical Center — Practice Website
- HHS OCR Breach Portal
Official HHS OCR Breach Portal: ocrportal.hhs.gov
About this page
This page is compiled from public regulatory filings, the breached entity’s own disclosures, and reporting from established healthcare-privacy outlets. Some sections are assembled with the help of automated research and may contain errors, summaries that lag the underlying source, or details that have since been revised. Treat it as a starting point, not legal advice or an authoritative record. If you spot something inaccurate, the linked sources above are the canonical record. For questions about your individual situation, contact the breached entity directly or consult a licensed attorney.