Erlanger Health has announced a data privacy incident involving protected health information (PHI) belonging to certain Erlanger Western Carolina patients who received anesthesia services. The incident involved patient information being sent to a billing partner used by an anesthesia group serving Erlanger Tennessee campuses. Erlanger states that it has secured its systems, investigated the matter, and has no evidence that the information was improperly used.
Erlanger Health Data Breach Investigation
On May 13, 2026, Erlanger Health discovered that protected health information belonging to some Erlanger Western Carolina patients may have been compromised. The investigation determined that information belonging to Erlanger Western Carolina patients who received anesthesia care was included in data sent to a billing partner used by an anesthesia group that provides services for Erlanger Tennessee campuses.
The anesthesia services provided at Erlanger Western Carolina are handled by a separate anesthesia group. The information was reportedly transmitted between July 1, 2025, and May 27, 2026.
Erlanger stated that it immediately took steps to secure the information and launched an investigation into the incident. The organization also reported the event to regulators and began notifying individuals whose information may have been affected.
While Erlanger has not identified evidence that the information has been misused, healthcare data breaches can create risks because medical information and identifying details may be valuable to criminals attempting identity theft, fraud, or targeted phishing campaigns.
When Did the Erlanger Data Breach Occur?
The potentially affected information was sent between July 1, 2025, and May 27, 2026. Erlanger discovered the issue on May 13, 2026, and began investigating the scope of the incident.
What Information Was Exposed?
The information potentially involved may include:
- Patient name
- Date of birth
- Medical record number
- Mailing address
- Email address
- Telephone number
- Internal hospital account number
- Insurance information
- Guarantor name
- Guarantor address
- Guarantor telephone number
- Date of service
- Limited medical information related to surgical care, including operative notes
Erlanger stated that Social Security numbers were not involved in the incident.
The organization also noted that not every affected individual had the same information exposed, and not all listed categories of information applied to every patient.
What You Can Do
If you received anesthesia care at Erlanger Western Carolina between July 1, 2025, and May 27, 2026, you may have been affected by this incident. Consider taking the following steps to protect your personal and medical information:
- Review medical bills, insurance statements, and explanations of benefits for unfamiliar services or charges.
- Monitor financial accounts for suspicious activity.
- Be cautious of emails, calls, or messages requesting personal or medical information.
- Keep copies of any breach notification letters or communications from Erlanger.
- Contact your healthcare provider or insurer if you identify inaccurate medical information or suspicious activity.
Although Erlanger has stated that it has no evidence of improper use of the affected information, medical data can remain sensitive for years. Staying informed and monitoring your accounts can help identify potential problems early.
If you believe your information was involved in the Erlanger Health data breach, you may have legal options. Fill out the form on this page to learn whether you may qualify for a claim and connect with legal professionals who can evaluate your situation.
File a Data Breach Lawsuit Against Erlanger Health
Healthcare providers have a responsibility to protect patient information entrusted to them. When sensitive medical information is exposed due to a data security incident, affected individuals may have rights depending on the circumstances surrounding the event.
Patients impacted by the Erlanger Health data breach may be able to seek compensation for damages related to privacy violations, time spent responding to the incident, expenses associated with protecting their identity, and other potential losses.
Don’t stand alone after a data breach. Joining together with others affected by the same incident can help consumers understand their rights and explore available legal options.
Contact us at Class Action U, where we’ll connect you with a lawyer skilled in class action lawsuits. If you’ve been contacted about this breach, received notice, or discovered you were impacted, fill out our quick, easy, and secure form to sign up. There is no cost to reach out to our legal partner and no obligation after speaking with someone from our team.