Dr. Alexes Hazen, PLLC recently disclosed a data breach involving unauthorized access to its computer systems. The incident may have exposed sensitive personal and medical information belonging to certain individuals affiliated with the practice.
Dr. Alexes Hazen PLLC’s Data Breach Investigation
Dr. Alexes Hazen, PLLC (referred to as “the Practice”), a medical provider based in New York, recently reported a cybersecurity incident that may have impacted the security of sensitive personal and health-related information stored within its systems.
According to the Practice, it first became aware of the issue on January 20, 2026, when it received information indicating that unauthorized access may have occurred within certain computer systems. Upon discovering the potential security event, the Practice immediately initiated a response and began working with third-party cybersecurity specialists to investigate the incident.
The Practice also contacted law enforcement authorities to assist with the investigation and help determine the scope and nature of the unauthorized access.
Through the forensic investigation, cybersecurity experts determined that an unauthorized actor had gained access to certain Practice computer systems during a period spanning several weeks in 2025. Specifically, investigators concluded that the unauthorized access occurred between June 23, 2025, and July 15, 2025.
During that time frame, the attacker may have accessed or taken a limited amount of information stored within the affected systems. Investigations of cybersecurity incidents often involve reviewing system logs, analyzing network activity, and examining affected files in order to determine what information may have been viewed or removed.
At the time of the disclosure, the Practice indicated that the review of impacted data was still ongoing. As a result, the exact scope of the information involved may vary by individual whose data was stored on the affected systems.
Although the Practice stated that it currently has no evidence that the information has been used for identity theft or fraud, incidents involving unauthorized access to personal and medical data can still pose risks to affected individuals.
Healthcare providers often store highly sensitive information, including both personally identifiable information and protected health information. When this type of data becomes accessible to unauthorized parties, it may increase the risk of identity theft, financial fraud, or medical identity fraud.
Following the discovery of the breach, the Practice reported that it has been working to strengthen the security of its systems. The organization stated that it is assessing additional safeguards and mitigation measures designed to help prevent similar incidents from occurring in the future.
In addition, the Practice has begun notifying individuals whose information may have been affected. Providing notification allows individuals to remain vigilant and take steps to monitor their personal information for signs of misuse.
Individuals who believe their information may have been impacted are encouraged to monitor their financial accounts, credit reports, and healthcare statements for any unusual activity. In situations where personal information is exposed, early detection of suspicious activity can help reduce the risk of further harm.
When Did This Breach Occur?
According to the Practice’s investigation, the unauthorized access to its computer systems occurred between:
June 23, 2025 – July 15, 2025
The Practice later discovered the potential security incident on January 20, 2026, which prompted the launch of a cybersecurity investigation and notification process.
What Information Was Breached?
The information potentially exposed in the incident may vary by individual but could include:
-
Name
-
Demographic information
-
Date of birth
-
Social Security number
-
Government-issued identification numbers
-
Medical history, conditions, procedures, or diagnosis information
-
Medication information
-
Photographs
-
Insurance information
-
Payment or financial information
What You Can Do
If you received a notification that your information may have been involved in the Dr. Alexes Hazen PLLC data breach, there are several steps you may consider taking to protect yourself.
Start by closely monitoring your financial accounts and reviewing bank statements for any unfamiliar transactions. If you notice suspicious activity, contact your financial institution immediately.
You should also monitor your credit reports and consider placing a fraud alert or credit freeze with the major credit reporting agencies. These tools can help prevent unauthorized credit accounts from being opened in your name.
Because the breach may involve medical information, reviewing explanations of benefits and insurance statements can also help detect fraudulent medical claims or unauthorized healthcare services.
Staying vigilant against phishing emails, suspicious phone calls, or other unexpected communications requesting personal information can also help protect you from follow-up scams that sometimes occur after data breaches.
Many individuals affected by data breaches are unaware that they may have legal rights if their personal information was exposed due to inadequate cybersecurity protections. Understanding your options can help you determine whether you may be eligible to pursue compensation.
File a Data Breach Lawsuit Against Dr. Alexes Hazen PLLC
If you received a data breach notification from Dr. Alexes Hazen PLLC, you may have legal rights. Healthcare organizations are responsible for implementing strong cybersecurity safeguards to protect the sensitive personal and medical information entrusted to them.
When companies fail to properly safeguard personal data and a breach occurs, affected individuals may be able to pursue compensation through a data breach lawsuit. These claims may seek damages related to identity theft risks, financial losses, and the time spent protecting personal information.
Class action lawsuits allow individuals affected by the same incident to join together and pursue accountability for inadequate data security practices.
Contact us at Class Action U, where we’ll connect you with a lawyer skilled in class action lawsuits. If you’ve been contacted about this breach, received notice, or discovered you were impacted, fill out our quick, easy, and secure form to sign up. There is no cost to reach out to our legal partner and no obligation after speaking with someone from our team.