McLeod Physician Associates Data Breach Lawsuit Investigation

Written By Valeria Linares
Active investigation · Free, confidential case review
Call (954) 799-5914
Data Breaches / McLeod Physician Associates
Active investigation Data breach · Healthcare Notices mailed Jun 5, 2026

Received a June 2026 breach notice from McLeod Physician Associates?

Dapeer Law, P.A. is investigating a potential class action against McLeod Physician Associates, a South Carolina medical group practice within the McLeod Health system, on behalf of patients whose personal and health information may have been exposed in the October 2025 cyber incident.

Submit your claim See what to do No fee unless we recover for you
RD
Reviewed by Rachel Dapeer, Esq., Dapeer Law, P.A.
Breach window
Oct 17 to 18, 2025
Unauthorized server access
Notification delay
~8 months
Breach Oct 2025, notices Jun 2026
Credit monitoring
Offered
Experian IdentityWorks (Experian)
Eligibility

Who may qualify

You may be eligible to participate in a class action if any of the following applies:

  • You received a data breach notification letter from McLeod Physician Associates dated June 2026.
  • Your letter offered enrollment in free Experian IdentityWorks identity protection.
  • You were a patient of McLeod Physician Associates or an affiliated practice such as Dillon Family Medicine whose information was held on the affected server.
  • No proof of harm required to consult with counsel. You do not need to have already suffered identity theft to explore your legal options.
  • Excluded: individuals who did not receive a breach notice and whose information was not involved in the incident.

Not sure if you qualify?

Send us your notice, we'll confirm your eligibility at no cost.

Check eligibility
Background

What happened

McLeod Physician Associates, a medical group practice within the McLeod Health system based in Florence, South Carolina, has disclosed that an unauthorized party accessed a server that was in the process of being decommissioned. According to the notice filed with the South Carolina Department of Consumer Affairs, the access occurred during a window of October 17 to October 18, 2025 and involved a single Dillon Family Medicine server. The practice has stated that no active McLeod Health systems were affected.

A suspicious file was located on the server on March 5, 2026, after which McLeod Physician Associates engaged third-party cybersecurity specialists and notified law enforcement. On April 14, 2026, investigators determined that an outside party had accessed the server during the October 2025 window. The practice began mailing notices to 16,788 South Carolina patients on June 5, 2026, and is offering impacted individuals complimentary identity protection through Experian IdentityWorks. The roughly eight-month gap between the incident and patient notification is among the issues being evaluated.

The files on the affected server are reported to have contained patients' names, dates of birth, Social Security numbers, diagnoses and treatment information, medications, test results, medical images, and health insurance details. Because protected health information of this kind cannot be changed like a password, its exposure can carry a long-term risk of medical identity theft and insurance fraud. Healthcare providers have obligations under HIPAA and state law to safeguard this information.

Unauthorized access Decommissioned server Protected health information South Carolina DCA filing 16,788 patients
Action plan

What to do if you received a letter

1

Keep your notice letter

Do not discard it. Your letter contains the enrollment code for the identity protection service and is important evidence if you decide to participate in a lawsuit.

2

Enroll in the free Experian IdentityWorks identity protection

Enroll in the Experian IdentityWorks identity protection offered in your letter before the stated deadline. Accepting this benefit does not waive your right to pursue legal action.

3

Place a fraud alert or credit freeze

Contact Equifax, Experian, and TransUnion to place a fraud alert or freeze on your file. Request a free weekly credit report from AnnualCreditReport.com, and use the FTC's IdentityTheft.gov recovery guide.

4

Speak with a data breach attorney

Consultations with Dapeer Law are free and confidential. We'll review your notice, explain your options, and advise whether you may be eligible to join a class action.

Submit your notice for a free review

Two minutes online. A licensed attorney reviews every submission.

Submit your claim
Timeline

Breach timeline

Oct 17 to 18, 2025 Passed
Unauthorized access to decommissioned server
Mar 5, 2026 Passed
Suspicious file found on server being retired
Apr 14, 2026 Passed
Investigation confirms outside access during Oct 2025 window
Jun 5, 2026 Passed
Notice filed with SC regulators, letters mailed to 16,788 patients
Pending Active
Potential class action filing
Statutes of limitations vary by state and legal theory, typically one to six years. Waiting can permanently bar your claim.
Possible recovery

Compensation you may be entitled to

Out-of-pocket expenses

Credit freezes, identity restoration services, and other costs incurred responding to the breach.

Time spent monitoring

Hours spent reviewing accounts, disputing fraudulent charges, and dealing with identity theft issues.

Identity theft & fraud losses

Unreimbursed funds stolen from accounts, unauthorized credit lines, or tax refund fraud tied to the breach.

Statutory damages

Certain state data breach and consumer protection statutes provide for fixed damages regardless of actual loss.

Injunctive relief

Court orders requiring McLeod Physician Associates to implement stronger data security practices going forward.

Compensation categories depend on applicable state law, the types of data exposed, and documented losses. No recovery is guaranteed.

FAQ

Common questions

I received a data breach letter from McLeod Physician Associates. What should I do? +

Keep the letter, enroll in the free Experian IdentityWorks identity protection before the deadline printed in your notice, place a fraud alert or security freeze on your credit file, and review your medical statements and Explanation of Benefits forms for unfamiliar activity. Because Social Security numbers and health data may be involved, watch for both financial and medical identity theft. Contact a data breach attorney for a free consultation; accepting the identity protection does not waive your right to sue.

Am I eligible to join a class action against McLeod Physician Associates? +

If you received a June 2026 breach notice from McLeod Physician Associates, you are likely eligible for a free case evaluation. The notice identifies 16,788 affected South Carolina patients. Eligibility depends on your state of residence, the categories of your data that were exposed, and any losses you have suffered. Dapeer Law will review your notice at no cost.

How much money could I receive from a class action lawsuit? +

Data breach class action recoveries vary significantly. Settlements typically range from a few hundred dollars for basic out-of-pocket losses to several thousand dollars for documented identity theft, with class size, damages, and negotiation all affecting the final amount. No payout is guaranteed, and this investigation has not yet resulted in a settlement.

What personal information was exposed in the breach? +

The public notice reports that files on the affected server contained some or all of the following: names, dates of birth, Social Security numbers, diagnoses and treatment information, medications, test results, medical images, and health insurance details. The specific data involved varies by individual, so check your own letter for the categories that applied to you.

Did McLeod Physician Associates offer free credit monitoring? +

Yes. McLeod Physician Associates is offering complimentary identity protection through Experian IdentityWorks. The duration of the membership was not specified in the publicly filed notice. Enroll before the deadline printed in your letter. Enrollment is separate from, and does not waive, your right to pursue a claim.

How many people were affected by the McLeod Physician Associates breach? +

The notice filed with the South Carolina Department of Consumer Affairs lists 16,788 affected patients. This page will be updated as additional information becomes available.

Is there a deadline to take legal action? +

Yes. Statutes of limitations for data breach claims vary by state and legal theory, typically ranging from one to six years. Waiting can permanently bar your claim. Contact us as soon as possible for a free evaluation.

How do I get a copy of the official breach notice? +

The consumer notice is available through the South Carolina Department of Consumer Affairs security breach notices page (linked in Sources below). If you received a letter but no longer have it, Dapeer Law can assist you in obtaining a copy during your free consultation.

References

Sources & references

Attorney advertising. This page is provided for informational purposes only. It does not constitute legal advice or form an attorney-client relationship. Dapeer Law, P.A. is not affiliated with McLeod Physician Associates II, Experian IdentityWorks, or any credit bureau. Prior results do not guarantee a similar outcome. All information regarding the data incident is drawn from the official notification filed with South Carolina Department of Consumer Affairs on June 5, 2026.
Free, confidential case review

Don't let the deadline decide for you. Submit your claim today.

You only have a limited window to act. Our team will review your notice, explain your options, and tell you whether you may be eligible to recover compensation, at no cost to you.

Submit your claim Call (954) 799-5914

Why Dapeer Law

Practice focusConsumer class actions
Licensed inFL · NY · NJ · IL
Case review fee$0
Response timeSame business day
Free case review
Confidential · 2 minutes
Submit claim →
Valeria Linares
Previous

Lansing Community College Data Breach Lawsuit Investigation
Next

MasTec, Inc. Data Breach Lawsuit Investigation