- Today
- Holidays
- Birthdays
- Reminders
- Cities
- Atlanta
- Austin
- Baltimore
- Berwyn
- Beverly Hills
- Birmingham
- Boston
- Brooklyn
- Buffalo
- Charlotte
- Chicago
- Cincinnati
- Cleveland
- Columbus
- Dallas
- Denver
- Detroit
- Fort Worth
- Houston
- Indianapolis
- Knoxville
- Las Vegas
- Los Angeles
- Louisville
- Madison
- Memphis
- Miami
- Milwaukee
- Minneapolis
- Nashville
- New Orleans
- New York
- Omaha
- Orlando
- Philadelphia
- Phoenix
- Pittsburgh
- Portland
- Raleigh
- Richmond
- Rutherford
- Sacramento
- Salt Lake City
- San Antonio
- San Diego
- San Francisco
- San Jose
- Seattle
- Tampa
- Tucson
- Washington
Patients Notified of Data Breaches at Healthcare Providers Over a Year Later
Alpine Ear, Nose, and Throat, The Phia Group, and Community Health Northwest Florida all recently notified patients of security incidents that occurred in 2024.
Feb. 3, 2026 at 9:15am
Got story updates? Submit your updates here. ›
Patients of three healthcare providers - Alpine Ear, Nose, and Throat in Colorado, The Phia Group in Massachusetts, and Community Health Northwest Florida - have been notified that their personal and health information was accessed by unauthorized parties over a year ago. The providers have cited lengthy investigation and notification processes as the reason for the delayed notifications.
Why it matters
These incidents highlight the ongoing challenges healthcare organizations face in detecting, investigating, and notifying patients of data breaches in a timely manner. Delayed notifications can leave patients vulnerable to identity theft and other misuse of their sensitive information for an extended period.
The details
Alpine Ear, Nose, and Throat in Fort Collins, Colorado notified 65,648 patients that their information, including names, dates of birth, medical records, financial data, and Social Security numbers, was accessed by the BianLian ransomware group in November 2024. The Phia Group, a Massachusetts-based healthcare cost containment services provider, notified clients and their members that files containing sensitive data may have been accessed in a July 2024 incident. Community Health Northwest Florida also recently notified patients that an unauthorized party accessed their information, including names, Social Security numbers, and medical records, in a December 2024 incident.
- The Alpine Ear, Nose, and Throat breach was first identified on November 19, 2024.
- The Phia Group incident occurred between July 8-9, 2024.
- The Community Health Northwest Florida breach was identified on December 24, 2024.
The players
Alpine Ear, Nose, and Throat
A healthcare provider based in Fort Collins, Colorado.
The Phia Group
A Massachusetts-based provider of healthcare cost containment services to health benefit plans and their third-party administrators.
Community Health Northwest Florida
A healthcare provider in the Northwest Florida region.
BianLian
A ransomware group that claimed responsibility for the attack on Alpine Ear, Nose, and Throat.
What they’re saying
“We must not let individuals continue to damage private property in San Francisco.”
— Robert Jenkins, San Francisco resident
“Fifty years is such an accomplishment in San Francisco, especially with the way the city has changed over the years.”
— Gordon Edgar, grocery employee
The takeaway
These delayed breach notifications underscore the need for healthcare organizations to improve their incident response and notification processes to better protect patient data and minimize the potential harm to affected individuals. Timely notification is crucial to allow patients to take appropriate steps to monitor for and mitigate the risks of identity theft and fraud.
