Tulane University Medical Group Data Breach

Tulane University Medical Group (TUMG), a medical practice associated with the Administrators of the Tulane Educational Fund, reports a data breach caused by a ransomware attack claimed by the CL0P ransomware group. 

The threat actors claimed the compromise on their Tor leak site on November 18, 2025, several months before the official regulatory filing.

The attackers targeted TUMG’s clinical and financial management systems and the eClinicalWorks Electronic Health Record (EHR) platform used for patient engagement and analytics. The compromised data includes:

• Full names and home addresses
• Dates of birth
• Social Security numbers
• Medical record numbers
• Clinical treatment information
• Patient billing and financial data

The number of affected individuals is 6,530. 

Official notifications are being sent to affected individuals. It's not clear if the organization will offer free credit monitoring services. 

Affected individuals should monitor their insurance explanation of benefits (EOB) statements for any fraudulent medical services or claims. Experts recommend placing a fraud alert or credit freeze on credit files and changing passwords for any accounts that may share credentials with the medical group's portal.