The Plastic Surgery Center recently reported a data breach to the Attorney General of Vermont. The breach occurred when its contracted billing company detected suspicious activity within its network. This prompted the Center to launch an investigation into the incident to determine its nature and scope. The breach potentially involved sensitive personal identifiable information belonging to individuals who sought services at the Center.
Following the investigation, The Plastic Surgery Center confirmed that unauthorized access may have occurred between November 4, 2024.
The unauthorized party potentially acquired sensitive information shared between the Center and its billing company. The company has yet to disclose the exact type of personal information exposed in the breach. However, the information may include names, Social Security numbers, driver’s licenses, financial account numbers, biometric data, and health records.
In response to the breach, The Plastic Surgery Center began reviewing the data to identify the affected individuals. The company is working to ensure that those impacted are informed. On April 18, 2025, data breach notification letters were sent to affected individuals. These letters provided specific details on the exposed information and offered complimentary credit monitoring services to those affected.
The Plastic Surgery Center is based in Shrewsbury, New Jersey, and offers a variety of cosmetic procedures. These include gender-affirming surgeries, liposuction, and non-surgical treatments like injectables and laser hair removal. The company has over 20 locations across New Jersey, Pennsylvania, and New York, with more than 200 employees. The breach has raised concerns about the security of sensitive personal information handled by medical practices.
Reference:
