Published
June 21, 2026
Investigation Stage · No Settlement Yet · No Suit Confirmed
This page describes an ongoing data-breach notification and attorney investigation. Blue Fish Pediatrics has reported a data security incident; any claims that the practice failed to adequately protect patient information are unproven allegations. No class action has been confirmed, no class has been certified, and there is nothing to claim. This page is informational and is not legal advice.
What Is This About?
Blue Fish Pediatrics, a pediatric medical practice based in the Houston, Texas area, has begun notifying patients and their families about a data security incident that the practice says occurred in July 2025. According to the notice, an unauthorized party may have accessed or acquired files containing personal and health information for about 41,485 Texas residents. Because Blue Fish Pediatrics is a children's medical practice, many of the people whose information was involved are minors.Consumer-protection attorneys have publicly stated they are investigating whether affected patients may have legal claims. As of this writing, the matter is at an early stage: notices only began mailing on June 17, 2026, no class action has been confirmed on the public record, and there is no settlement and nothing to claim.
Status
Breach Notification Sent · Investigation
Notices mailed June 17, 2026 · no class action confirmed as of this writing
People Notified
~41,485 Texas residents
Pediatric practice — many of those affected are children
Information Involved
Names, SSNs, DOB, IDs & health data
Varies by person · SSN, driver's license/state ID, medical records, diagnoses, lab results, medications, claims data
Can I Claim?
No — nothing to claim yet
No settlement, no fund, no claim form
What Blue Fish Pediatrics Reported
According to the breach notice, Blue Fish Pediatrics discovered suspicious activity in its network and determined that an unauthorized party accessed its computer systems over a period of roughly July 11 to July 17, 2025, and may have accessed or acquired certain files during that time. The practice says it then conducted a review to identify what information was involved and which individuals were affected, completing that determination on or about May 4, 2026.Blue Fish Pediatrics began mailing written notification letters to affected individuals on June 17, 2026 — roughly eleven months after the access window closed. The practice has said it is not aware of any evidence that information has been misused for identity theft or financial fraud as a result of the incident. That statement describes what the practice currently knows; it does not guarantee that misuse will not occur, which is why notice recipients are urged to monitor their information.
What Information May Have Been Exposed
The notice states that the information involved varies by individual and may have included:• Names, dates of birth, and addresses
• Social Security numbers
• Driver's license or state identification numbers
• Health information, including medical record numbers, diagnoses or conditions, lab results, medication information, healthcare claims information, and clinical or treatment information
Not every data element applies to every person; the specific information involved is described in each individual's letter. The combination of Social Security numbers and protected health information is the kind of data that can be misused for identity theft and medical-identity fraud, which is the focus of the attorney investigation.
Why Children's Data Raises the Stakes
Because Blue Fish Pediatrics is a pediatric practice, a large share of those affected are minors. A child's Social Security number is especially valuable to identity thieves: it has no existing credit history, so a fraudulent account opened in a child's name can go unnoticed for years — often until the child turns 18 and applies for credit, a job, financial aid, or an apartment.For that reason, parents and guardians of affected children should consider placing a free credit freeze on each child's credit file with all three nationwide credit bureaus, which blocks new accounts from being opened in the child's name. Watching for any unexpected credit activity, government benefits notices, or tax filings tied to a child's information is also advisable.
Has a Lawsuit Been Filed?
Not confirmed as of this writing. The notification only began on June 17, 2026, so the matter is at the earliest possible stage. Several plaintiff-side firms have announced they are investigating potential class action claims on behalf of affected individuals, but an announced investigation is not a filed lawsuit. No case caption, case number, or court was confirmed on the public record when this page was published, and any required reporting to regulators (such as the U.S. Department of Health and Human Services and the Texas Attorney General) may still be in progress. We will update this page if a complaint is filed.Is There a Settlement?
No. This is an investigation and a breach notification, not a settlement.There is no settlement fund, no claim form, no payout, and no deadline. No class has been certified because no class action has been confirmed. If a lawsuit is filed and later settles, that step would be announced separately, and any free credit monitoring offered today by Blue Fish Pediatrics in its notice is separate from any future settlement. Be cautious of any website that claims you can "file a claim" for this matter right now.
What Should Affected Families Do Now?
If you received a Blue Fish Pediatrics notification letter, read it carefully for the specific information involved and for any complimentary credit monitoring offered to those whose Social Security number was affected — if it is offered, enroll. Be cautious about unsolicited calls, emails, or texts referencing your child's medical care, as phishing commonly follows a breach. Monitor your accounts and any medical or insurance statements for unfamiliar activity, and consider placing a fraud alert or a credit freeze for yourself and any affected child. You can report identity theft and get a recovery plan at the Federal Trade Commission's IdentityTheft.gov. There is nothing to file right now; keep any notice you receive in case a claims process is later created. For related health-data incidents, see our coverage of the Change Healthcare data breach and the One Medical data breach investigation.This page is informational and is not legal advice.
Frequently Asked Questions
Is there a Blue Fish Pediatrics data breach settlement or class action?
Not as of this writing. Notices began mailing June 17, 2026 and the matter is at an early stage. Attorneys have said they are investigating, but there is no certified class, no settlement fund, and no claim form. Nothing to claim yet.What information was exposed?
The notice says the files may have included names, Social Security numbers, dates of birth, addresses, driver's license or state ID numbers, and health information such as medical record numbers, diagnoses, lab results, medication information, healthcare claims information, and clinical or treatment information. The exact data varies by person.What should I do if my child's information was involved?
Consider placing a free credit freeze on the child's credit file with all three nationwide credit bureaus, watch for any credit activity in the child's name, and enroll in any free credit monitoring offered in the notice. Keep the letter you received.Sources
• DataBreaches.net — "Blue Fish Pediatrics notifies 41,485 Texans about data breach last year"• HIPAA Pulse — "Blue Fish Pediatrics notifies 41,485 Texans about data breach last year"
Free settlement alerts
Get notified when new class actions open to claims
Join thousands of readers who get the latest class action settlements you may qualify for — delivered straight to your inbox.
For more class actions keep scrolling below.
Status
Breach notice sent — investigation; no suit confirmed
Organization
Blue Fish Pediatrics (Houston, Texas)
Access Window
On or about July 11–17, 2025
Determination
On or about May 4, 2026
Notices Mailed
June 17, 2026
People Notified
~41,485 Texas residents (many minors)
