A major data breach at a Colorado medical clinic has put tens of thousands of patients at risk, highlighting the persistent dangers healthcare organizations face from cyberattacks.
Alpine Ear, Nose & Throat, a provider of otolaryngology services with offices in Fort Collins, Loveland, and Greeley, Colorado, recently confirmed that it has notified 65,648 individuals about a cybersecurity incident that exposed a broad range of their personal information.
What Data Was Compromised
According to the clinic’s notification and investigations, the breach — which occurred in November 2024 but was only publicly detailed now — compromised:
- Patients’ names
- Social Security numbers
- Credit card information, including expiration dates and CVC codes
- Financial account details
- Medical information
- Health insurance information
- Dates of birth
- Demographic data such as addresses and contact details
This combination of personal, financial, and medical data is considered among the most sensitive categories of information. Exposure of Social Security numbers and credit card details in particular significantly increases the risk of identity theft, financial fraud, and tax-related scams. Criminals could use this data to open fraudulent accounts, file fraudulent tax returns, or impersonate victims in financial transactions.
Who Took Credit for the Hack
A ransomware group called BianLian claimed responsibility for the incident. The group posted Alpine ENT on its dark web data leak site, asserting that it had stolen employee, financial, and patient records. Ransomware gangs like BianLian typically steal data, then threaten to publish it unless a ransom is paid — though it is unclear whether Alpine ENT ever made any payment or even negotiated with the attackers.
The clinic has not publicly confirmed how cybercriminals infiltrated its systems, what vulnerabilities were exploited, or whether an internal error, phishing attack, or other vector was involved.
Delay in Notification
Alpine ENT first acknowledged that a “potential unauthorized access” to its systems occurred on November 19, 2024, and posted an initial notice in January 2025. However, it did not disclose the number of affected individuals or the types of data involved until early February 2026 — more than a year after the breach was discovered.
This long delay raises questions about how quickly the clinic responded and when affected individuals could begin protecting themselves against fraud.
What Affected Individuals Can Do
In its notification, Alpine Ear, Nose & Throat said it is offering free credit monitoring through a third-party provider for eligible patients. The deadline to enroll in these services is April 30, 2026.
Security experts recommend that people affected by breaches like this should also:
- Monitor bank and credit card statements for unauthorized charges
- Place fraud alerts or credit freezes with major credit bureaus
- Check their medical records for unexplained visits or treatments
- Be cautious of phishing emails or scam calls that reference their personal data
Why Healthcare Data Is Valuable — and Vulnerable
Healthcare providers have become prominent targets for cybercriminals because the data they collect is both rich and unique. A full medical record can include dozens of identifiers such as names, birth dates, Social Security numbers, insurance details, and treatment histories — all of which can be sold on underground markets or used in sophisticated fraud schemes.
Reports show that ransomware attacks and other hacking incidents against U.S. healthcare organizations have surged in recent years, affecting millions of patients and costing billions in remediation efforts. These breaches compromise not just financial and identity information, but also deeply private medical data that can be difficult to change or protect once exposed.
