Coastal Carolina Urology Data Breach Exposes Patient Health Records

Healthcare data breach illustration
Breach Discovery: Not Publicly DisclosedBreach Notification: 22nd May 2026

What Happened in the Coastal Carolina Urology Data Breach?

Coastal Carolina Centers of Urology and Surgery LLC, a South Carolina medical practice, has disclosed a data breach involving patient health records. The practice provides urology and surgical care to patients across the region. As a result of this incident, sensitive medical information may have been accessed without authorization.

At this time, the practice has released limited details about how the breach occurred. However, the Coastal Carolina Urology data breach was formally reported to the Vermont Attorney General on May 22, 2026. This filing confirms that patient data was compromised and that the practice determined notification was necessary.

Because specific details remain limited, the exact method of attack has not been made public. In addition, the practice has not disclosed when the unauthorized access actually began. As more information becomes available, affected patients should watch for updates directly from the practice.

Regulatory filings like this one often mark the first public sign that an investigation has taken place behind the scenes. Typically, a forensic review helps organizations determine what data was accessed and who was affected. While Coastal Carolina Centers of Urology and Surgery has not published every finding, the Vermont filing indicates that this review process is already underway.

Who was affected?

The breach appears to affect patients who received urology or surgical care from Coastal Carolina Centers of Urology and Surgery. Because the practice serves patients throughout South Carolina, most affected individuals are likely residents of that state. However, the notification was filed with Vermont’s Attorney General, which suggests at least one Vermont resident may also be impacted.

The total number of individuals affected nationwide has not been publicly reported. As a result, it is currently unclear how large this breach truly is. Given that the organization is a medical practice, patients of all ages could be involved, including older adults who may be more vulnerable to targeted scams.

Because health records were involved, this breach could also touch sensitive details tied to ongoing medical care. For example, patients undergoing urology treatment may have especially private health information at risk. This makes the potential impact more serious than a typical data exposure.

What Information Was Potentially Exposed?

According to the breach notification, the exposed information included patient health records. While the practice has not detailed every specific data element, health records for a urology and surgical practice often include a range of sensitive details.

  • Patient names
  • Health records related to urology and surgical care
  • Medical treatment history
  • Other personal information tied to patient files

Because health records were exposed, affected patients face a real risk of medical identity theft. For instance, stolen health information can be used to file fraudulent insurance claims or obtain prescription medications under someone else’s name. This type of fraud can be difficult to detect and may take months to fully unravel.

In addition, exposed health data often includes details that criminals can use for targeted phishing attempts. Scammers may pose as the practice or an insurance provider to trick patients into revealing more information. Because urology-related records can be highly sensitive, some patients may also face privacy concerns beyond financial risk.

What is the company doing?

Coastal Carolina Centers of Urology and Surgery has taken steps to formally report the breach to state regulators. This includes filing notification with the Vermont Attorney General’s office, a required step when residents of that state may be affected. The practice has indicated that patients with questions can contact it directly for more information.

Beyond the regulatory filing, the practice has not publicly detailed additional remediation steps. However, healthcare organizations typically work to secure their systems, review internal safeguards, and monitor for further suspicious activity following a breach discovery. Patients should watch for official letters or notices describing any protective services, such as credit or identity monitoring, that may be offered.

As the investigation continues, more details may become available. Therefore, patients should keep any correspondence from the practice and check back for updates. Staying in contact with the provider can help patients understand exactly what happened and what support is available to them.

What Should Affected Individuals Do?

Monitor Your Credit Reports

Affected patients should regularly check their credit reports for unfamiliar accounts or inquiries. Because health information can sometimes be used alongside other personal details to commit fraud, early detection matters. You can request free credit reports from each of the three major bureaus.

Reviewing these reports regularly makes it easier to catch suspicious activity quickly. If you notice anything unusual, report it immediately to the credit bureau and consider placing a fraud alert on your file. Acting quickly can limit the damage caused by identity theft.

Watch for Medical Identity Theft

Because health records were exposed, patients should closely review any insurance statements or medical bills they receive. Unexpected charges or unfamiliar treatments listed on an insurance explanation of benefits could indicate fraudulent use of your information. This is a key warning sign of medical identity theft.

If you spot anything suspicious, contact your insurance provider and the practice right away. In addition, request copies of your medical records to confirm they are accurate. Correcting fraudulent entries early can prevent complications with future medical care.

Stay Alert to Phishing Attempts

Following any healthcare data breach, scammers often use stolen details to craft convincing phishing emails or phone calls. Be cautious of any message claiming to be from Coastal Carolina Centers of Urology and Surgery that asks for personal or financial information. Legitimate healthcare providers rarely request sensitive details through unsolicited emails or texts.

Instead, verify any suspicious communication by contacting the practice directly using a known phone number. Never click links or share information in messages you did not expect. This simple habit can prevent many common scams tied to data breaches.

Consider a Fraud Alert or Credit Freeze

Because personal information may have been exposed alongside health records, placing a fraud alert with the credit bureaus adds an extra layer of protection. A fraud alert requires lenders to verify your identity before opening new credit in your name. This step is free and typically lasts one year.

For stronger protection, you may also consider a credit freeze, which restricts access to your credit file entirely. While this requires a few extra steps when applying for credit yourself, it offers significant protection against identity thieves. If you are unsure which option fits your situation, a data breach attorney can help you evaluate your rights and next steps.



More Information

Official Notice from Providence

Official Notice from Vermont

Related Data Breaches