Keys Pathology Associates reports vendor breach impacting 13,756 patients

Keys Pathology Associates in Marathon, Texas, has confirmed that a third-party vendor breach exposed the personal and health information of 13,756 individuals, including 26 residents of Maine. The incident was first reported to the HHS Office for Civil Rights in July 2025 with an initial estimate of 20,000 affected individuals.

The breach occurred at Genesis Billing Services, a North Carolina-based vendor that handled billing services for Keys Pathology. According to the report, an unauthorized actor accessed a third-party server hosting patient data around May 20, 2025, exfiltrated files, and deployed ransomware. Keys Pathology was notified on May 27, 2025, and later received a copy of the stolen data on August 21, 2025, which is still being reviewed to identify affected patients.

Compromised information varies by individual and may include names, addresses, dates of birth, phone numbers, Social Security numbers, driver’s license numbers, and health information. Notification letters are being mailed, and impacted patients are being offered free single-bureau credit monitoring, credit score, and credit report services.

Keys Pathology emphasized that it outsourced data hosting for security reasons but has since cut ties with Genesis Billing Services in response to the breach.