Awakenings Center Data Breach Exposes 17,800 Patient Records

A significant healthcare data breach has impacted Loving and Living Center, PC, operating as Awakenings Center, a North Carolina-based mental health provider. The incident, reported to the Department of Health and Human Services on November 7, 2024, affected approximately 17,800 individuals and involved unauthorized access to the organization's electronic medical record system.

What Happened

Awakenings Center discovered unauthorized access to its electronic medical record system on or around September 10, 2024. The breach was classified as a hacking/IT incident that compromised sensitive patient information stored in their electronic health records.

The healthcare provider, which specializes in couples therapy, sex therapy, and individual counseling services, has launched a forensic investigation to determine the full scope of the breach. Law firms including Strauss Borrelli PLLC and Levi & Korsinsky, LLP are investigating the incident and potential compensation for affected individuals.

Who Is Affected

The breach impacted over 17,800 patients who received services from Awakenings Center. Given the nature of the practice, which provides mental health counseling, couples therapy, and sex therapy services, the compromised information likely includes highly sensitive psychological and medical data.

Patients who have been affected by this breach should have received notification letters from Loving and Living Center, PC dba Awakenings Center. If you received such a notification, you are likely among those whose personal and protected health information was compromised.

Breach Details

Key Facts:

• Entity: Loving and Living Center, PC dba Awakenings Center
• Location: North Carolina
• Breach Type: Hacking/IT Incident
• Discovery Date: On or around September 10, 2024
• Reported Date: November 7, 2024
• Individuals Affected: 17,800
• Data Location: Electronic Medical Record system

The breach involved unauthorized access to the organization's electronic medical record system, which typically contains comprehensive patient information including personal identifiers, medical histories, treatment records, and billing information. For a mental health practice like Awakenings Center, this data would include particularly sensitive information about patients' psychological conditions, therapy sessions, and personal relationships.

What This Means for Patients

This breach is particularly concerning given the sensitive nature of mental health information. The compromised data likely includes:

• Personal identifying information (names, addresses, phone numbers, Social Security numbers)
• Protected health information (PHI)
• Mental health diagnoses and treatment plans
• Therapy session notes
• Prescription information
• Insurance and billing details
• Potentially intimate details shared during couples and sex therapy sessions

The exposure of mental health records can have lasting impacts on patients, including potential discrimination, stigma, and privacy violations. Unlike financial information that can be changed, medical and psychological information is permanent and deeply personal.

Legal Action and Compensation

Multiple law firms are investigating this breach, suggesting potential class-action lawsuits may be forthcoming. Affected patients may be entitled to compensation for:

• Identity theft protection services
• Credit monitoring
• Damages related to privacy violations
• Costs associated with identity restoration
• Emotional distress

How to Protect Yourself

If you received a breach notification from Awakenings Center, take these immediate steps:

Monitor Your Accounts:

• Check all financial accounts regularly for unauthorized activity
• Review credit reports from all three major credit bureaus
• Set up fraud alerts with credit monitoring services

Protect Your Identity:

• Consider freezing your credit reports
• Monitor explanation of benefits (EOB) statements for unauthorized medical services
• Be alert for phishing attempts using your personal information

Document Everything:

• Keep all breach notification materials
• Document any suspicious activity or potential identity theft
• Maintain records of time spent addressing breach-related issues

Stay Informed:

• Follow up with Awakenings Center for additional information
• Monitor news about potential class-action lawsuits
• Contact the investigating law firms if you're interested in potential compensation

Prevention Lessons for Healthcare Providers

This breach highlights critical cybersecurity vulnerabilities that healthcare organizations must address:

Essential Security Measures:

• Implement multi-factor authentication for all system access
• Maintain regular security assessments and penetration testing
• Ensure all software and systems are regularly updated with security patches
• Provide comprehensive cybersecurity training for all staff
• Deploy advanced threat detection and monitoring systems

HIPAA Compliance Requirements:

• Conduct regular risk assessments
• Implement administrative, physical, and technical safeguards
• Maintain detailed audit logs and access controls
• Develop and test incident response plans
• Ensure business associate agreements include adequate security requirements

Mental Health Practice Considerations: Mental health providers handle extremely sensitive information requiring enhanced protection measures. The psychological impact of breaching therapy records extends far beyond typical medical information, making robust cybersecurity essential for maintaining patient trust and therapeutic relationships.

Incident Response Best Practices:

• Immediate containment and forensic investigation
• Prompt notification to authorities and affected individuals
• Transparent communication about the scope and impact
• Comprehensive remediation measures
• Long-term monitoring and security improvements

Healthcare organizations must recognize that cybersecurity is not optional—it's a fundamental requirement for protecting patient privacy and maintaining compliance with HIPAA regulations. The cost of prevention is always less than the cost of a breach, both financially and in terms of patient trust.

Protect your practice with AI-powered HIPAA compliance. Get started with HIPAA Agent.