Skip to main content
health care professional

Michael R. Schwartz, MD Data Breach Investigation

Written by Joseph Lyon on . Posted in Data Breach.

Michael R. Schwartz, MD, a plastic surgery practice based in California, recently announced a cybersecurity breach that may have compromised sensitive patient information. The incident was discovered in late August 2025, when the practice detected unusual activity on one of its office network computers. Contact our data breach lawyers for a free consultation. 

What Happened at Michael R. Schwartz?

Following an internal investigation, it was determined that an unauthorized party had gained remote access to parts of the system for several months, between January and August 2025. During that time, files containing patient data may have been accessed or copied without permission. The practice has not confirmed the total number of people affected, but the potential scope is concerning.

The compromised information may include names, Social Security numbers, contact information, email addresses, medical record numbers, and even patient photographs. Fortunately, there is no indication that financial data, such as credit card or banking details, was involved.

After identifying the breach, the practice took immediate steps to secure its network, replace affected systems, and involve cybersecurity specialists to conduct a comprehensive review. It also notified state regulators and began mailing notification letters to affected patients in October 2025. The notice included details about the breach and offered complimentary credit monitoring and identity protection services to help minimize the risk of fraud.

What Patients Can Do Now

Patients who received a breach notification should take several important steps. Enrolling in the provided identity-monitoring program is the first line of defense. It’s also wise to check credit reports and insurance records for suspicious activity. Because the exposed data may include personal identifiers and health information, individuals should be alert to any unusual communication or attempts to misuse their medical identity. Even if no fraudulent activity has been detected yet, the exposure of such private details carries long-term risks.

Legal Rights and Data Security Obligations

Under California privacy laws and federal regulations such as HIPAA, medical providers have a legal duty to safeguard patient information. When an entity fails to implement proper cybersecurity measures or delays notification, it can be held legally responsible for the harm that results. Victims of data breaches may have claims for compensation tied to the time and expense of monitoring their data, as well as the emotional impact of having their private medical information exposed.

Why Hire The Lyon Firm

The Lyon Firm represents individuals affected by healthcare and data privacy breaches nationwide. With extensive experience in complex data-breach litigation, the firm investigates whether organizations met their security obligations and helps clients pursue justice when negligence is involved.

If your personal or medical data was compromised in the Michael R. Schwartz, MD data breach, the Lyon Firm can evaluate your case, explain your legal rights, and help protect your financial and personal information moving forward.

CONTACT THE LYON FIRM TODAY

Please complete the form below for a FREE consultation.

  • This field is for validation purposes and should be left unchanged.