Rocky Mountain Associated Physicians Reports Massive Data Breach Affecting 50,640 Individuals
Rocky Mountain Associated Physicians, P.C., a Salt Lake City-based medical group, disclosed a significant data breach impacting 50,640 individuals across the U.S. The incident was reported to the U.S. Department of Health and Human Services (HHS) on April 3, 2026, with a public notice posted on the company’s website.
The breach was first exposed on January 30, 2026, when the cybercriminal group PEAR claimed on the dark web to have stolen 1.7 terabytes of data from the organization. The compromised information reportedly included:
- Business operations and HR records
- OneDrive files and email correspondence
- Provider and vendor data
- Patients’ personally identifiable information (PII) and protected health information (PHI)
- Payment details, including credit/debit card numbers and PINs
Regulatory filings confirmed that exposed data included names, dates of birth, Social Security numbers, addresses, medical records, diagnosis/treatment details, insurance information, and financial data.
In response, Rocky Mountain Associated Physicians began notifying affected individuals and is offering 12 months of complimentary credit monitoring and identity restoration services through Experian IdentityWorks. The organization has provided a dedicated notice page for updates and can be reached at 801-268-3800 during business hours (Monday–Friday, 9 a.m.–5 p.m.).
Source: https://www.claimdepot.com/data-breach/rocky-mountain-associated-physicians-2026
Rocky Mountain Care cybersecurity rating report: https://www.rankiteo.com/company/rocky-mountain-care
"id": "ROC1776090710",
"linkid": "rocky-mountain-care",
"type": "Breach",
"date": "1/2026",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '50,640',
'industry': 'Healthcare',
'location': 'Salt Lake City, Utah, USA',
'name': 'Rocky Mountain Associated Physicians, P.C.',
'type': 'Medical Group'}],
'customer_advisories': '12 months of complimentary credit monitoring and '
'identity restoration services through Experian '
'IdentityWorks. Contact: 801-268-3800 (Monday–Friday, '
'9 a.m.–5 p.m.)',
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': '50,640',
'personally_identifiable_information': ['Names',
'Dates of birth',
'Social Security '
'numbers',
'Addresses',
'Medical records',
'Diagnosis/treatment '
'details',
'Insurance '
'information',
'Financial data',
'Credit/debit card '
'numbers',
'PINs'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Business operations and HR '
'records',
'OneDrive files',
'Email correspondence',
'Provider and vendor data',
"Patients' PII/PHI",
'Payment details']},
'date_detected': '2026-01-30',
'date_publicly_disclosed': '2026-04-03',
'description': 'Rocky Mountain Associated Physicians, P.C. disclosed a '
'significant data breach impacting 50,640 individuals across '
'the U.S. The breach involved the theft of 1.7 terabytes of '
'data, including business operations, HR records, OneDrive '
'files, email correspondence, provider and vendor data, '
"patients' PII/PHI, and payment details.",
'impact': {'data_compromised': '1.7 terabytes',
'identity_theft_risk': 'High',
'payment_information_risk': 'High'},
'ransomware': {'data_exfiltration': 'Yes'},
'references': [{'source': 'Rocky Mountain Associated Physicians Notice'}],
'regulatory_compliance': {'regulations_violated': ['HIPAA'],
'regulatory_notifications': 'Reported to U.S. '
'Department of Health '
'and Human Services '
'(HHS)'},
'response': {'communication_strategy': 'Public notice on company website, '
'dedicated notice page, and phone '
'support',
'third_party_assistance': 'Experian IdentityWorks'},
'threat_actor': 'PEAR',
'title': 'Rocky Mountain Associated Physicians Data Breach',
'type': 'Data Breach'}