Swift Institute Data Breach Exposes Sensitive Patient Information
A data breach at Swift Institute, a Nevada-based medical practice, has compromised sensitive personal and health information of patients and associated individuals. The incident was detected on January 30, 2025, after unusual network activity was identified. An investigation revealed that an unauthorized individual copied files on or around January 28, 2025, exposing a range of data, including:
- Personally Identifiable Information (PII): Names, Social Security numbers, driver’s license/state ID numbers, dates of birth, financial account details, and credit/debit card information.
- Protected Health Information (PHI): Medical records, health insurance details, and digital signatures.
Swift Institute completed its review of the impacted data on December 4, 2025, and began notifying affected individuals shortly after. The breach was reported to the California Attorney General on December 12, 2025, and the company published a Notice of Data Event on its website.
In response, Swift Institute engaged legal counsel and third-party forensic specialists to assess the breach. Affected individuals are being offered 12 months of complimentary credit monitoring and identity theft restoration services through Cyberscout (a TransUnion company), including single-bureau credit monitoring, reports, and scores. Enrollment must be completed within 90 days of receiving notification.
The company has also provided guidance on fraud alerts, credit freezes, and credit report monitoring, along with a dedicated assistance line (833-844-8151) for support. The breach underscores the risks of unauthorized access to both PII and PHI, highlighting the need for heightened vigilance in monitoring financial and medical records.
Source: https://www.claimdepot.com/data-breach/swift-institute-2025
Swift Institute cybersecurity rating report: https://www.rankiteo.com/company/swiftinstitute
"id": "SWI1765656262",
"linkid": "swiftinstitute",
"type": "Breach",
"date": "1/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'Healthcare',
'location': 'Nevada, USA',
'name': 'Swift Institute',
'type': 'Medical Practice'}],
'customer_advisories': 'Offering 12 months of complimentary credit monitoring '
'and identity theft restoration services through '
'Cyberscout (TransUnion). Dedicated assistance line at '
'833-844-8151.',
'data_breach': {'data_exfiltration': 'Yes',
'personally_identifiable_information': ['Names',
'Social Security '
'numbers',
'Driver’s license or '
'state identification '
'card numbers',
'Dates of birth',
'Financial account '
'information',
'Credit or debit card '
'information',
'Medical information',
'Health insurance '
'information',
'Digital signatures'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)']},
'date_detected': '2025-01-30',
'date_publicly_disclosed': '2025-12-04',
'description': 'A recent data breach at Swift Institute has exposed sensitive '
'personal and health information of patients and individuals '
'associated with the Nevada-based medical practice. The '
'incident was discovered after unusual activity was detected '
'within its network environment, leading to the discovery that '
'certain files were copied by an unauthorized individual.',
'impact': {'data_compromised': 'Sensitive personal and health information, '
'including PII and PHI',
'identity_theft_risk': 'High',
'payment_information_risk': 'High'},
'investigation_status': 'Completed',
'recommendations': 'Affected individuals are encouraged to monitor financial '
'accounts, review credit reports, place fraud alerts or '
'credit freezes, notify financial institutions, and remain '
'vigilant for identity theft or fraud.',
'references': [{'source': 'Swift Institute Notice of Data Event'}],
'regulatory_compliance': {'regulatory_notifications': ['Reported to '
'California Attorney '
'General on '
'2025-12-12']},
'response': {'communication_strategy': 'Notice of Data Event posted on '
'website, notification letters sent to '
'affected individuals',
'incident_response_plan_activated': 'Yes',
'third_party_assistance': 'Legal counsel and third-party '
'forensic specialists'},
'title': 'Swift Institute Data Breach',
'type': 'Data Breach'}