Advanced Family Surgery Center (Covenant Health) 2025 Data Breach

Advanced Family Surgery Center 2025 Data Breach: Patient PHI Exposed via Genesis Ransomware

Healthcare / Surgical Center / Consumer

Advanced Family Surgery Center 2025 Data Breach: Patient PHI Exposed via Genesis Ransomware

Oak Ridge, Tennessee surgical center affiliated with Covenant Health.

Confirmed · ObscureIQ Intelligence
Breach Risk Index i
96/100
Lower riskHigher risk
High and current: recent, valuable data circulating on the dark web now.
Data Sensitivity i
Elevated
Exposed data raises the risk of fraud, targeting, and impersonation. Proactive steps are warranted.
15k rowsRecords
2025Year

The Breach Risk Index (BRI) is a proprietary 0–100 score rating how dangerous a breach is right now, based on how recently the data has been circulating on the dark web and how valuable it is to attackers.

Crucial data exposed
SSNSocial Security Number
Gov IDGovernment ID (Medicare)
PHI / MedicalHealth Insurance Information; Medical Diagnosis; Medical Record Number
AddressHome address
Classification Tags
GenesisRansomware / ExtortionHealthcareMedicalPatients2025

Breach Summary

Advanced Family Surgery Center (Covenant Health) became aware of a network intrusion around November 26, 2025; on January 11, 2026 the Genesis ransomware group claimed about 100 GB of data. Exposed files included names, addresses, dates of birth, dates of service, health insurance information, medical diagnoses, medical record numbers, Medicare/Medicaid numbers, treatment information, provider names and Social Security numbers.

Full threat analysis, exploitation vectors, and principal guidance below.

10 additional sections · verified field analysis · defensive doctrine

Querying breach corpus…
Cross-referencing exposed field types…
Resolving threat-actor attribution…
Compiling principal risk advisory…

15k rows records analyzed

About Advanced Family Surgery Center (Covenant Health)

Advanced Family Surgery Center is an Oak Ridge, Tennessee surgical facility affiliated with the Covenant Health network.

Why They Hold Your Data

A surgical center holds patient identity and contact data, dates of birth, SSNs, Medicare/Medicaid numbers, health insurance and clinical treatment records (PHI).

Recent Developments

Advanced Family Surgery Center identified an intrusion around November 26, 2025; the Genesis ransomware group claimed it in January 2026.

Data Points Exposed

8 verified field types
Date of Birth High
Full Name
Government ID (Medicare) Critical
Health Insurance Information High
Home address High
Medical Diagnosis Critical
Medical Record Number High
Social Security Number Critical

Breach Impact

As a HIPAA-covered provider, the center faced OCR notification and litigation; reported victim counts rose sharply during the investigation.

Principal Risk Advisory

What this means for a principal

A healthcare-linked breach: exposure ties a named individual to a provider relationship and, where clinical or insurance data is present, to conditions and treatment. For a high-profile principal this is targeting-grade, not merely identity-theft-grade: the combination lets an adversary locate, impersonate, or pressure the principal with little additional work.

What You Should Do

  1. Freeze credit at all three bureaus and monitor for new-account and tax-refund fraud.
  2. Treat the home address as exposed: review mail and package handling and physical-security routines, and brief household staff to verify unusual requests.
  3. Watch for medical-benefit fraud and health-themed phishing that references real provider relationships.
  4. Do not use unofficial 'am I affected' lookups; several are themselves harvesting operations.

How ObscureIQ Can Help

  1. Corpus confirmation: determine whether and where the principal (plus household and staff) appear in this dataset and which specific fields are exposed for them.
  2. Exposure mapping and footprint neutralization: cross-reference against broker-available data and suppress still-removable elements, prioritizing address and phone, since this record re-seeds broker networks.
  3. ThreatWatch tuned to this incident's identifiers and misuse pattern (impersonation and targeting patterns, not generic credential monitoring).
G
Threat Actor: GenesisConfidence: Medium
Ransomware group

Motivation: Financial extortion
An emerging ransomware group first observed late 2025 using double extortion, targeting small-to-mid US organizations in business services, healthcare, manufacturing, financial services and construction; 90+ claimed victims by mid-2026.

Read the full threat-actor profile →

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation