Sierra Vista Hospital & Clinics suffered a major data breach after detecting suspicious network activity on January 29, 2025. An investigation confirmed that cybercriminals accessed and exfiltrated sensitive patient files between January 14–31, 2025, exposing personally identifiable information (PII) and protected health information (PHI). Compromised data included names, addresses, Social Security numbers, dates of birth, medical records, health insurance details, and other medical information. The breach was disclosed to regulatory authorities (Texas and Massachusetts Attorney Generals) on October 7, 2025, with notifications sent to affected patients estimated to be thousands of current and former individuals. The exposure of such sensitive data heightens risks of fraud, identity theft, and financial exploitation. In response, the hospital secured its network, engaged external cybersecurity experts, and offered free credit monitoring (Experian IdentityWorks) to victims. The incident underscores severe vulnerabilities in healthcare cybersecurity, with potential long-term repercussions for patient trust and operational integrity.
Source: https://www.claimdepot.com/data-breach/sierra-vista-hospital-2025
TPRM report: https://www.rankiteo.com/company/sierra-vista-hospital-clinics
"id": "sie0692906100725",
"linkid": "sierra-vista-hospital-clinics",
"type": "Cyber Attack",
"date": "1/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': 'Thousands (current and former '
'patients, exact number '
'unreleased)',
'industry': 'Healthcare',
'location': ['Texas (disclosure to Texas Attorney '
'General)',
'Massachusetts (disclosure to '
'Massachusetts Attorney General)'],
'name': 'Sierra Vista Hospital & Clinics',
'type': 'Healthcare Organization'}],
'customer_advisories': ['Dedicated call center: 855-291-2594 (Mon-Fri, 9 a.m. '
'to 9 p.m. ET)',
'Free Experian IdentityWorks credit monitoring for '
'affected individuals'],
'data_breach': {'data_exfiltration': True,
'number_of_records_exposed': 'Thousands (exact number '
'unreleased)',
'personally_identifiable_information': ['Names',
'Addresses',
'Social Security '
'numbers',
'Dates of birth',
'Medical records',
'Health insurance '
'details'],
'sensitivity_of_data': 'High (includes SSN, medical records, '
'health insurance details)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)']},
'date_detected': '2025-01-29',
'date_publicly_disclosed': '2025-10-07',
'description': 'Sierra Vista Hospital & Clinics experienced a major data '
'breach where a cybercriminal accessed and obtained sensitive '
'patient files between January 14, 2025, and January 31, 2025. '
'The compromised files contained personally identifiable '
'information (PII) and protected health information (PHI), '
'including names, addresses, Social Security numbers, dates of '
'birth, medical records, health insurance details, and other '
'medical information. The breach was disclosed to regulatory '
'authorities and affected patients in October 2025.',
'impact': {'brand_reputation_impact': 'High (risk of fraud and identity theft '
'for thousands of patients)',
'data_compromised': ['Personally Identifiable Information (PII)',
'Protected Health Information (PHI)',
'Names',
'Addresses',
'Social Security numbers',
'Dates of birth',
'Medical records',
'Health insurance details',
'Other medical information'],
'identity_theft_risk': 'High',
'systems_affected': ['Computer network']},
'initial_access_broker': {'high_value_targets': ['Patient PII and PHI']},
'investigation_status': 'Completed (determined data compromise on 2025-08-13)',
'post_incident_analysis': {'corrective_actions': ['Secured network',
'External cybersecurity '
'investigation',
'Credit monitoring for '
'affected individuals']},
'ransomware': {'data_exfiltration': True},
'recommendations': ['Sign up for free Experian IdentityWorks credit '
'monitoring (offered by the hospital).',
'Monitor credit reports and financial accounts for '
'unusual activity.',
'Be alert for phishing emails or calls exploiting exposed '
'information.',
'Consider placing a fraud alert or credit freeze with '
'major credit bureaus.'],
'references': [{'source': 'Sierra Vista Hospital & Clinics Breach Notice'},
{'source': 'Sierra Vista Hospital & Clinics Website'}],
'regulatory_compliance': {'regulatory_notifications': ['Texas Attorney '
"General's office "
'(2025-10-07)',
'Massachusetts '
"Attorney General's "
'office (2025-10-07)']},
'response': {'communication_strategy': ['Disclosure to Texas and '
"Massachusetts Attorney Generals' "
'offices (2025-10-07)',
'Patient notifications via mail '
'(2025-10-07)',
'Dedicated call center for affected '
'individuals (855-291-2594, Mon-Fri 9 '
'a.m. to 9 p.m. ET)'],
'containment_measures': ['Secured the network'],
'incident_response_plan_activated': True,
'third_party_assistance': ['External cybersecurity '
'professionals']},
'stakeholder_advisories': ['Disclosure to Texas and Massachusetts Attorney '
"Generals' offices (2025-10-07)",
'Patient notifications via mail (2025-10-07)'],
'threat_actor': 'Cybercriminal (unknown specific identity)',
'title': 'Sierra Vista Hospital & Clinics Data Breach',
'type': 'Data Breach'}