Alpine Ear, Nose, and Throat in Colorado, The Phia Group in Massachusetts, and Community Health Northwest Florida have started notifying patients that their personal and health information was impermissibly accessed over a year ago.
Alpine Ear, Nose, and Throat, Colorado
Alpine Ear, Nose, and Throat in Fort Collins, Colorado, has mailed notification letters to 65,648 individuals warning them that some of their protected health information was exposed in a security incident identified by Alpine ENT on November 19, 2024. Alpine ENT engaged its managed service provider to investigate the incident, and it was confirmed that an unauthorized third party accessed and exfiltrated files containing patients’ protected health information.
Alpine ENT’s legal counsel explained in the notification letters that a substitute data breach notice was published on the Alpine ENT website on January 17, 2025, although at the time, the investigation was ongoing. The data mining and review processes were completed on October 9, 2025, and in the subsequent months, Alpine ENT worked to verify the impacted individuals and obtained up-to-date contact information. Notification letters were mailed to the affected individuals on January 30, 2026, 14 months after the breach was first identified.
The BianLian ransomware group claimed responsibility for the attack and added Alpine ENT to its data leak site in early December 2024. Data compromised in the incident included names, demographic information, dates of birth, medical information, health information, financial account information, credit card numbers, CVC, and expiration dates, and Social Security numbers. At the time of issuing notifications, Alpine ENT said it had not identified any instances of identity theft as a result of the incident; however, as a precaution, the affected individuals have been offered 12 months of complimentary credit monitoring and identity theft protection services.
The Phia Group, Massachusetts
The Phia Group, LLC, a Canton, Massachusetts-based provider of healthcare cost containment services to health benefit plans and their third-party administrators, has recently notified individuals about a July 2024 security incident that exposed personal and protected health information. According to The Phia Group, an intrusion was detected on July 9, 2024, and the investigation confirmed that its network had been subject to unauthorized access between July 8, 2024, and July 9, 2024. During that time, files containing sensitive data may have been acquired…