The Anchorage Neighborhood Health Clinic (ANHC), a federally qualified health center, suffered a cyber incident where an anonymous hacker group claimed to have leaked 10,000 patient records—including Social Security numbers, addresses, driver’s licenses, insurance details, dates of birth, and phone numbers—onto the internet. The attackers directly contacted affected patients via email, exposing their sensitive data. ANHC confirmed an ongoing forensic investigation with law enforcement and cybersecurity experts, acknowledging unauthorized access to its systems. The breach disrupted operations, causing limited computer access, downed phone lines since August 22, and potential reputational harm. Patients like 'Elizabeth' verified receiving emails from hackers containing their personal information, confirming the data compromise. ANHC, which serves underserved populations, faces risks of fraud, identity theft, and loss of trust among patients dependent on its primary healthcare services.
TPRM report: https://www.rankiteo.com/company/anchorage-neighborhood-health-center-inc.
"id": "anc2211022110425",
"linkid": "anchorage-neighborhood-health-center-inc.",
"type": "Cyber Attack",
"date": "8/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'customers_affected': '10,000 (claimed by hackers)',
'industry': 'healthcare',
'location': 'Anchorage, Alaska, USA',
'name': 'Anchorage Neighborhood Health Clinic (ANHC)',
'type': 'federally qualified health center'}],
'customer_advisories': ['email from ANHC acknowledging incident and urging '
'caution'],
'data_breach': {'data_exfiltration': True,
'number_of_records_exposed': '10,000 (claimed)',
'personally_identifiable_information': ['names',
'Social Security '
'numbers',
'dates of birth',
'addresses',
'phone numbers',
'driver’s licenses',
'insurance '
'information'],
'sensitivity_of_data': 'high (includes SSNs, driver’s '
'licenses, insurance info)',
'type_of_data_compromised': ['personally identifiable '
'information (PII)',
'protected health information '
'(PHI)']},
'date_publicly_disclosed': '2025-08-XX',
'description': 'An anonymous hacker group claimed to have leaked 10,000 '
'patient records from the Anchorage Neighborhood Health Clinic '
'(ANHC), including sensitive information such as addresses, '
'Social Security numbers, driver’s licenses, and insurance '
'details. The clinic is investigating with law enforcement and '
'cybersecurity experts. Patients reported being directly '
'contacted by hackers with their personal information. ANHC '
'confirmed limited computer access and downed phone lines '
'since August 22, 2025.',
'impact': {'brand_reputation_impact': ['potential loss of trust among '
'patients',
'media coverage of breach'],
'customer_complaints': ["reports from patients like 'Elizabeth' "
'about direct contact by hackers'],
'data_compromised': ['names',
'Social Security numbers',
'dates of birth',
'addresses',
'phone numbers',
'driver’s licenses',
'insurance information'],
'downtime': {'end_date': None,
'services_affected': ['phone lines',
'computer access',
'potentially other IT systems'],
'start_date': '2025-08-22'},
'identity_theft_risk': ['high (SSNs, driver’s licenses, and '
'insurance info exposed)'],
'operational_impact': ['limited computer access',
'disrupted communication (phone/email)',
'patient trust erosion'],
'payment_information_risk': ['insurance information compromised'],
'systems_affected': ['patient records database',
'email systems',
'phone lines',
'computer networks']},
'initial_access_broker': {'high_value_targets': ['patient records database']},
'investigation_status': 'ongoing (early stages)',
'ransomware': {'data_exfiltration': True},
'references': [{'date_accessed': '2025-08-XX',
'source': 'KTUU (Alaska’s News Source)',
'url': 'https://www.ktuu.com'}],
'regulatory_compliance': {'regulatory_notifications': ['Alaska Department of '
'Health (unaware as of '
'report)',
'potential HIPAA '
'violations (implied '
'but not confirmed)']},
'response': {'communication_strategy': {'advisories': ['warning patients not '
'to engage with hacker '
'communications'],
'patient_notifications': ['email from '
'Director '
'of Risk '
'Management '
'and '
'Compliance '
'Melissa '
'Pearl '
'acknowledging '
'potential '
'breach'],
'public_statements': ['Facebook post '
'about '
"'technical "
"difficulties'",
'media '
'statements by '
'Director of '
'Communications '
'Ahliil '
'Saitanan']},
'incident_response_plan_activated': True,
'law_enforcement_notified': ['FBI (unconfirmed)',
'Anchorage Police Department (no '
'response)'],
'recovery_measures': ['investigation ongoing',
'patient notifications sent'],
'third_party_assistance': ['national cybersecurity experts']},
'stakeholder_advisories': ['patients warned not to engage with hacker '
'communications'],
'threat_actor': 'anonymous hacker group',
'title': 'Anchorage Neighborhood Health Clinic Data Breach',
'type': ['data breach', 'unauthorized access', 'patient data exposure']}