Tulane University Medical Group Notifies Patients of Data Breach
Tulane University Medical Group (“TUMG”) is publishing this notice to inform the community about a recent data security breach involving the protected health information of certain TUMG patients.
On November 10, 2025, an unauthorized party gained access to certain TUMG email accounts through a phishing cyberattack. TUMG promptly took steps to investigate this incident and mitigate potential harm, including conducting a forensic analysis of the affected accounts, removing the unauthorized party’s access, and reviewing the files involved in the breach. On November 18, 2025, TUMG discovered this breach may have involved protected health information.
Not all individuals were affected in the same manner, but in most cases, the types of information involved included individuals’ demographic information, such as first, middle, and/or last name, date of birth, or contact information; and clinical information, such as diagnosis or treatment information, prescription information, medical record number, health insurance number, or dates of service or evaluation. In a few cases, individuals’ driver’s license numbers or full or partial Social Security Numbers were involved.
Affected individuals have been or will soon be notified by mail, but TUMG is posting this notice in an effort to reach individuals for whom TUMG does not have complete or up-to-date contact information.
Protecting patient privacy is TUMG’s utmost concern. In an effort to prevent something like this from happening again, TUMG has implemented additional security safeguards, including conducting additional security awareness training for TUMG workforce members. We also want to ensure patients are aware of the additional steps they can take to guard against the use of their data and protect themselves from potential harm resulting from this breach. Patients should remain vigilant against attacks by reviewing account statements and monitoring free credit reports and personal accounts for suspicious activity.
For individuals whose Social Security Numbers were involved, TUMG is offering free credit monitoring, which includes features such as a fraud alert, security freeze, and free credit report.
Tulane is continuing to investigate this incident with respect to any non-patients whose information may have been involved in the breach and will provide more information to other affected persons as it becomes available.
We deeply regret any inconvenience or concern this breach may cause. If you suspect you were affected by this incident, you may contact us toll free at 855-815-3936, Monday through Friday, between 8:00 a.m. to 8:00 p.m., Central Time, with questions or concerns, or to get information on how you can obtain free credit monitoring if eligible.
You may also contact one of the major consumer reporting agencies: (1) Equifax, P.O. Box 740241, Atlanta, GA 30374, 1-888-378-4329; (2) Experian, P.O. Box 2002, Allen, TX 75013, 1-888-397-3742; (3) TransUnion, P.O. Box 2000, Chester, PA 19016, 1-833-799-5355.
