12,000-Record Data Breach Announced by New York Plastic Surgery Practice
Data breaches have recently been reported by Pearlman Aesthetic Surgery and Associated Radiologists of the Finger Lakes in New York and Fast Pace Urgent Care in Tennessee.
Pearlman Aesthetic Surgery
Steven J. Pearlman, MD, PC, a well-known plastic surgeon and the owner of Pearlman Aesthetic Surgery, a popular plastic surgery practice in Manhattan, New York, has recently reported a breach of the protected health information of 11,764 individuals to the HHS’ Office for Civil Rights (OCR).
The specifics of the data breach have yet to be publicly disclosed, other than it being a hacking/IT incident. The incident was reported to OCR on November 9, 2025, and there is currently no substitute data breach notice on the Pearlman Aesthetic Surgery website.
This post will be updated when further information becomes available.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Associated Radiologists of the Finger Lakes
Associated Radiologists of the Finger Lakes, a network of interventional and diagnostic radiology centers in Elmira, NY, and the surrounding areas, has identified unauthorized access to its computer network. Anomalous activity was identified on October 30, 2025, and the investigation confirmed unauthorized access to a subset of its network, starting on October 28, 2025. Over two days, patient data may have been viewed or copied.
The file review is currently ongoing, and notification letters will be sent to the affected individuals when the review is completed. While the specific types of data involved have yet to be confirmed, based on the information collected to date, the types of data involved include names, addresses, medical record numbers, Social Security numbers, dates of birth, clinical/treatment information, medical procedure information, medical provider names, prescription information, and health insurance information. Associated Radiologists of the Finger Lakes has reviewed and enhanced its technical, administrative, and physical safeguards, policies, and procedures to reduce the risk of similar incidents in the future.
The incident has been reported to the HHS’ Office for Civil Rights with a placeholder figure of at least 501 individuals.
Fast Pace Urgent Care (FPMCM)
Fast Pace Urgent Care in Tennessee has announced a HIPAA breach at its business associate, FPMCM, LLC. On August 12, 2025, an FPMCM employee received a legitimate request for the protected health information of a single patient. When responding to that request, the employee inadvertently sent a document containing the protected health information of 2,072 patients.
The privacy violation was identified the following day, and an investigation was launched. The investigation has recently concluded and confirmed that the information impermissibly disclosed included names, dates of service, internal account numbers, billing codes, insurance information, and potentially health insurance claim numbers.
The recipient of the email confirmed that the email and the attached document have been deleted, no copies have been retained, and the information was not further disclosed. Additional safeguards have been implemented to prevent similar incidents in the future. While the affected individuals are not believed to be at risk, they have been advised to review their Explanation of Benefits statements as a best practice.
