Active breach tracker Monroe, Louisiana Disclosed February 2, 2025

Primary Health Services Center Data Breach 2025: 17,202 Patients · Louisiana FQHC Hacking/IT Incident · INC RANSOM Posted Data

Primary Health Services Center, Inc. (PHSC), the federally qualified health center serving Ouachita, Morehouse, and Lincoln parishes in northeast Louisiana, filed a HIPAA breach notification with HHS OCR on or about February 2, 2025 reporting 17,202 affected individuals from a Hacking/IT Incident affecting a network server. Unauthorized network access was discovered on or about December 4, 2024; forensic data review completed June 2, 2025; mailed notifications began July 10, 2025. Exposed elements include names, Social Security numbers, driver's license or state ID numbers, medical records, health insurance information, and payment information. The INC RANSOM (Incransom) extortion group posted PHSC on its dark-web leak site in late December 2024. PHSC is offering twelve months of complimentary credit monitoring and identity-theft protection.

You have options. Scroll for the exact action steps, what your provider’s response covers, and what your health data needs beyond credit monitoring.

By HealthConsent Editorial Last updated Sources & methodology

Timeline

Nov 28, 2024

Estimated initial unauthorized access window per ransomware.live indexing of the INC RANSOM listing

Dec 4, 2024

PHSC discovers unauthorized third-party activity on its network; systems secured and forensic investigation begins

Dec 4, 2024

Attacker gained access

Dec 27, 2024

INC RANSOM (Incransom) posts PHSC on its dark-web leak site with sample data and exfiltration claim

Feb 2, 2025

HHS OCR breach filing: 17,202 affected; Hacking/IT Incident; Network Server

Jun 2, 2025

Forensic data-review completed; affected individuals and data elements identified

Jul 10, 2025

Individual notification letters mailed; 12 months of complimentary credit monitoring and identity-theft protection offered

Data exposed

01

High-risk identity

Enables financial + identity theft

Social Security numbers Driver's license or state-issued ID numbers

02

Health records

Don't expire and can't be reissued

Medical records / protected health information

03

Contact & insurance

Phishing + targeted scams

Names Health insurance information Payment information

Class actions filed by

These firms have publicly announced investigations. You may be eligible to join. We are not a law firm and cannot give legal advice.

Claim Depot — publicly soliciting affected-individual intake (no docketed case identified as of this update)
If you received a letter

Your action plan, in five steps.

You have more rights than the notification letter explains. Each step below is a concrete thing you can do today. Full detail and timing in the sections that follow.

01

Accept credit monitoring

It’s the floor of the response. Take it.

02

Freeze your credit

Free at Equifax, Experian, TransUnion.

03

File IRS Form 14039

Prevent fraudulent tax return under your SSN.

04

Review your EOBs

Insurance statements catch medical identity theft early.

05

Stop the ongoing flow

Credit monitoring doesn’t cover your health records. HealthConsent does.

Jump to step 5: protect my health data

Primary Health Services Center, Inc. (“PHSC”), the federally qualified health center that has served Ouachita, Morehouse, and Lincoln parishes in northeast Louisiana since 1997, filed a HIPAA breach notification with the U.S. Department of Health and Human Services Office for Civil Rights on or about February 2, 2025, reporting 17,202 affected individuals in a Hacking/IT Incident affecting a network server. PHSC’s own data-security notice states the intrusion was discovered on or about December 4, 2024; the forensic data review completed June 2, 2025; and individual notification letters began going out July 10, 2025. The INC RANSOM (Incransom) extortion group separately posted PHSC on its dark-web leak site in late December 2024.

Timeline

  • On or about November 28, 2024 — Estimated initial unauthorized access window, per ransomware.live’s indexing of the INC RANSOM listing.
  • December 4, 2024 — PHSC discovers unauthorized third-party activity on its computer network, secures systems, and engages outside forensic experts. Law enforcement is notified.
  • December 27, 2024 — INC RANSOM (Incransom) lists PHSC on its dark-web victim portal with screenshots indicating exfiltrated data.
  • On or about February 2, 2025 — Breach reported to HHS OCR: 17,202 individuals, Hacking/IT Incident, Network Server. The OCR investigation is open as of this update.
  • June 2, 2025 — Forensic data review concludes; PHSC identifies the affected individuals and specific data elements exposed for each.
  • July 10, 2025 — Individual notification letters mailed by U.S. mail; twelve months of complimentary credit monitoring and identity-theft protection offered through a third-party provider, with a toll-free assistance line (1-833-380-4912).

What was exposed

According to PHSC’s notice and trade-press coverage of the notification, the data elements implicated for at least some individuals include:

  • Names
  • Social Security numbers
  • Driver’s license or state-issued ID numbers
  • Medical records and other protected health information
  • Health insurance information
  • Payment information

PHSC’s notice emphasizes that the affected elements vary by individual; not every patient had every element exposed. INC RANSOM publicly claimed exfiltration on its leak site and posted sample screenshots, which the threat-actor community treats as standard pre-publication leverage for double-extortion. PHSC has stated it has no evidence of actual misuse, but that statement does not preclude future misuse, particularly given that Social Security numbers do not change.

Sensitive-population considerations (FQHC)

PHSC is a federally qualified health center. FQHCs are HRSA-supported safety-net clinics that, by statutory mandate, serve patients regardless of ability to pay. PHSC’s catchment in Ouachita, Morehouse, and Lincoln parishes is among the more economically distressed in Louisiana, and its service mix includes behavioral health, OB/GYN, pediatric care, and substance-use counseling. Two consequences follow from that mission.

  • The exposed data set is unusually sensitive in aggregate. A combined leak of Social Security number, driver’s license number, and health-insurance enrollment status is the canonical identity-theft starter kit, and it is more damaging for people with thin credit files, unstable housing, or limited time and resources to contest fraudulent accounts. Payment information layered on top creates exposure to card and ACH fraud.
  • Categories of treatment carry stigma and discrimination risk. PHSC provides behavioral health, OB/GYN, and substance-use counseling. Disclosure of medical-records data tied to an identified patient can affect housing, employment, custody, and immigration matters in ways a fraud-only framing understates. Substance-use treatment records may carry additional 42 CFR Part 2 protections; OCR began enforcing Part 2 under a unified rule in February 2026.

What PHSC is offering

PHSC is offering eligible individuals twelve months of complimentary credit monitoring and identity-theft protection services at no cost, per its data-security incident page. The notice references a dedicated toll-free assistance line at 1-833-380-4912 (Monday-Friday, 8:00 a.m. to 8:00 p.m. ET, excluding holidays). PHSC has also stated it implemented additional cybersecurity controls and enhanced monitoring after the incident.

Class-action posture

No docketed putative class action against PHSC has been identified as of this update. Plaintiff-side aggregator Claim Depot is publicly soliciting affected-individual intake. The HHS OCR investigation is open; the Louisiana Attorney General’s data-breach notifications page is the standard state-level docket for affected Louisiana residents. We will update this page as filings appear.

What to do if you may be affected

  • Read the notification letter carefully. It lists the specific data elements involved for you and the activation code for the credit-monitoring offer. Do not let the enrollment deadline lapse.
  • Place a credit freeze with Equifax, Experian, and TransUnion. A freeze is free, separate from credit monitoring, and is the single most effective control against new-account identity theft. Because driver’s license numbers were involved, consider requesting a new license number from the Louisiana Office of Motor Vehicles if your letter confirms yours was exposed.
  • File an IRS Identity Protection PIN request at IRS.gov. Tax-refund fraud is one of the most common downstream uses of stolen SSN combinations.
  • Watch for PHSC-themed phishing. Threat actors who post stolen data routinely follow up with phishing emails, SMS, and phone calls impersonating the breached entity’s “support team.” PHSC will not ask you for your SSN or password by email or text.
  • Review your health-insurance Explanation of Benefits statements for services you did not receive. Medical-identity fraud is a recurring downstream use of stolen health-insurance details.
  • If you are a PHSC behavioral-health, OB/GYN, or substance-use counseling patient, the medical-records disclosure carries discrimination risks that go beyond financial fraud. Document any adverse housing, employment, or benefits decisions you suspect are linked to disclosure; substance-use records may also carry 42 CFR Part 2 protections.
  • Preserve your legal options. If you receive a PHSC notice, retain it. The OCR investigation is open and plaintiff-side intake is active.

Sources

We confirm these details directly against the PHSC entity notice, the HHS OCR portal record, and the cited reporting; this page will be updated as the OCR investigation advances or as class-action filings appear.

Stop your data from spreading further

Credit monitoring covers your wallet. HealthConsent covers your health records.

Your stolen diagnoses, test results, and medical record numbers don’t expire when the free credit-monitoring window ends. HealthConsent automates HIPAA restriction requests and opt-outs across providers, insurers, HIEs, and prescription networks so the data taken in this breach can’t keep being shared and sold by other entities downstream.

Protect my health data

Cancel anytime · Family plan covers spouses + dependents

About this page

This page is compiled from public regulatory filings, the breached entity’s own disclosures, and reporting from established healthcare-privacy outlets. Some sections are assembled with the help of automated research and may contain errors, summaries that lag the underlying source, or details that have since been revised. Treat it as a starting point, not legal advice or an authoritative record. If you spot something inaccurate, the linked sources above are the canonical record. For questions about your individual situation, contact the breached entity directly or consult a licensed attorney.