You are here: / HIPAA Breach Notification

HIPAA Breach Notification

On Tuesday, June 24, 2025, it was discovered that two internal email accounts authorized for conducting business on behalf of Equilibria were breached on that same day. As a result, an unidentified outside party gained access to email addresses belonging to multiple Equilibria clients, individuals who have contacted Equilibria to inquire about services, and/or family members. It is possible that in some cases unauthorized parties may have also obtained the mailing addresses, physical addresses, telephone numbers, health insurance plan information, and/or a person’s self-reported reason for reaching out to the practice.

As a result of this breach, some individuals received a phishing email that was sent from a compromised email address. A phishing email is a fraudulent message that appears to be sent by a legitimate source that aims to trick the receiver into providing sensitive information. This email instructed the receiver to open a document requesting the receiver’s signature. Once opened, the document also requested the receiver’s email account login information. Please know that you will never receive an authorized request for document signature from EPCS via email. All such requests are made through our secure patient portal.

If you receive or have received this email, please do not open the embedded link. Please delete the email. Prior to deleting you may wish to report the phishing attempt to your email server, an option available through most servers. If you received this email and you did open the document and provide your password, you should change your password immediately.

Please know that EPCS values your privacy and that this breach was not intentional. EPCS sincerely apologizes for this occurrence and for any inconvenience this may have caused. To protect against a recurrence of this type of breach, EPCS investigated the root causes of the incident and is evaluating its cyber safety protocols and taking action to further strengthen protection. If at any point you discover that your information has been used inappropriately or you have questions about the possible disclosure of your protected health information or the protected health information of someone to whom you are the legal guardian, please notify EPCS HIPAA Privacy Officer Erica Burgoon at (267) 861-3685 x490 or (888) 233-2570 or via email Privacy@EquilibriaPCS.com.

Update (9/3/2025): Equilibria has received a number of questions relating to whether its EHR system was impacted during this breach. The breach was limited to the two email accounts discussed above. At this time, Equilibria does not have any information suggesting its EHR system was exposed during this breach.