High Severity (Score: 6/10)

Marrs ENT & Pediatric ENT Specialists Data Breach Affects 6,376 Patients


Breach Details

Entity: Marrs Ear, Nose & Throat, PA
Individuals Affected: 6,376
State: FL
Breach Type: Unauthorized Access/Disclosure
Location: Email
Date Reported: November 18, 2025
Entity Type: Healthcare Provider
Business Associate: No

A significant healthcare data breach involving Marrs Ear, Nose & Throat, PA and its affiliated Pediatric Ear, Nose & Throat Specialists has compromised sensitive information for 6,376 patients. The breach, reported to the Department of Health and Human Services on November 18, 2024, involved unauthorized network access that exposed a wide range of personal and medical information.

What Happened

On February 24, 2025, Pediatric Ear, Nose & Throat Specialists discovered unauthorized network activity within their systems. Following an investigation, cybersecurity experts determined that an unknown intruder had accessed sensitive patient files over a six-day window before detection.

The breach was classified as involving unauthorized access and disclosure, with the primary attack vector being through the organization's email systems. This incident highlights the ongoing vulnerability of healthcare providers to sophisticated cyber attacks that can remain undetected for extended periods.

Who Is Affected

The data breach impacts 6,376 individuals who were patients of either Marrs Ear, Nose & Throat, PA or Pediatric Ear, Nose & Throat Specialists. The affected practice operates under multiple business names, including Pediatric Otolaryngology Head & Neck Surgery Associates, P.A., which does business as Pediatric ENT Specialists.

Patients who received services from these Florida-based healthcare providers should be particularly vigilant about monitoring their personal information and accounts for signs of unauthorized activity.

Breach Details

The investigation revealed that cybercriminals accessed a comprehensive range of sensitive information during the six-day breach window. The compromised data includes:

  • Patient names
  • Mailing and email addresses
  • Phone numbers
  • Social Security numbers
  • Driver's license or state ID numbers
  • Financial account information
  • Taxpayer ID numbers
  • Digital signatures
  • Dates of birth

This extensive list of compromised data points makes this breach particularly concerning, as it provides cybercriminals with enough information to potentially commit identity theft, financial fraud, and other forms of cybercrime.

The breach occurred through the organization's email systems, suggesting that phishing, compromised email credentials, or another email-based attack vector was used to gain initial access to the network.

What This Means for Patients

The comprehensive nature of the data exposed in this breach puts affected patients at significant risk for various forms of identity theft and fraud. With access to Social Security numbers, financial account information, and driver's license details, cybercriminals have the tools necessary to:

  • Open new credit accounts or loans
  • File fraudulent tax returns
  • Access existing financial accounts
  • Apply for government benefits
  • Commit medical identity theft
  • Engage in other forms of identity fraud

The inclusion of digital signatures in the compromised data is particularly concerning, as this could potentially be used to forge documents or authorize fraudulent transactions.

Patients should also be aware that healthcare data breaches can have long-lasting consequences: unlike credit card numbers or passwords, medical information does not change over time. Once compromised, this information remains vulnerable indefinitely.

How to Protect Yourself

If you are a patient of Marrs Ear, Nose & Throat, PA or Pediatric ENT Specialists, take these immediate steps to protect yourself:

Monitor Financial Accounts: Review all bank statements, credit card accounts, and other financial records for unauthorized transactions. Set up account alerts to be notified of any suspicious activity.

Check Credit Reports: Obtain free credit reports from all three major credit bureaus (Experian, Equifax, and TransUnion) and review them carefully for new accounts or inquiries you didn't authorize.

Consider Credit Freezes: Place security freezes on your credit reports to prevent new accounts from being opened without your permission.

Watch for Tax Fraud: Be alert for signs that someone may have filed a fraudulent tax return using your Social Security number, such as receiving unexpected tax documents or IRS notices.

Monitor Healthcare Statements: Review medical bills and insurance statements for services you didn't receive, which could indicate medical identity theft.

Be Wary of Phishing: Expect an increase in phishing emails and phone calls attempting to exploit this breach. Never provide personal information in response to unsolicited communications.

Document Everything: Keep detailed records of all communications related to the breach and any steps you take to protect yourself.

Legal Action and Investigation

Strauss Borrelli PLLC, a leading data breach law firm, has announced they are investigating Pediatric Otolaryngology Head & Neck Surgery Associates, P.A. regarding this data breach. This investigation suggests that affected patients may have legal recourse and that class action lawsuits could potentially be filed.

Patients who believe they have been harmed by this breach should document any damages and consider consulting with legal professionals who specialize in data breach cases.

Prevention Lessons for Healthcare Providers

This breach serves as another reminder of the critical importance of robust cybersecurity measures in healthcare organizations. Key prevention strategies include:

Email Security: Implement advanced email security solutions, including anti-phishing tools, secure email gateways, and employee training on recognizing suspicious emails.

Network Monitoring: Deploy continuous network monitoring systems that can detect unauthorized access more quickly than the six-day window experienced in this case.

Access Controls: Implement strict access controls and regularly review user permissions to ensure employees only have access to information necessary for their roles.

Incident Response: Develop and regularly test incident response plans to ensure quick detection, containment, and notification of breaches.

Regular Security Assessments: Conduct frequent security audits and penetration testing to identify vulnerabilities before they can be exploited.

Employee Training: Provide ongoing cybersecurity training to all staff members, as human error remains one of the most common causes of data breaches.

The healthcare industry continues to be a prime target for cybercriminals due to the value of medical information on the dark web and the critical nature of healthcare services that may lead organizations to pay ransoms quickly.

As cyber threats continue to evolve and become more sophisticated, healthcare providers must prioritize cybersecurity investments and maintain constant vigilance to protect patient data.

Source: This breach was reported to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) Breach Portal. Data sourced from ocrportal.hhs.gov. Analysis and article generated by HIPAA Agent.
