Cache Valley ENT Discloses Data Breach to Multiple State Attorneys General Offices

On Nov. 21, 2025, North Logan, Utah based Cache Valley Ear Nose & Throat, disclosed a data breach that affecting its patients. The breach was reported to both the Massachusetts and New Hampshire Attorneys General, with one resident affected in each of those states. The incident also impacted one individual in Rhode Island.

The breach originated on Feb. 4, 2025, when Cache Valley Ear Nose & Throat (CVENT) discovered unusual activity in its email environment. Upon detection, the clinic launched an investigation with the help of legal counsel and third-party forensic specialists. The investigation determined that an unauthorized individual had accessed and potentially copied sensitive information from the clinic’s systems on that same day.

A review of the compromised data concluded on Nov. 4, 2025, and identified that the information potentially exposed included names, addresses, provider names, drug names and insurance provider names.

The exposure of both PII and PHI means that even a small breach like this can have significant privacy implications for those involved.

Cache Valley Ear Nose & Throat's response

CVENT is offering complimentary credit monitoring and identity theft protection services. Impacted individuals are eligible for either 12 or 24 months of free credit monitoring, depending on their state of residence. These services are being provided through Cyberscout, a TransUnion company, and include proactive fraud assistance and credit file alerts.

Those affected are encouraged to remain vigilant by reviewing account statements and monitoring credit reports for suspicious or unauthorized activity. Security experts also recommend contacting financial institutions and credit bureaus to discuss the possibility of placing a fraud alert or security freeze on credit files. Detailed instructions and resources for protecting personal information are included in the notification letters sent to affected individuals.

Anyone with questions about the breach or the services offered can contact the assistance line provided in the notification letter. The company’s response has focused on transparency, timely notification and providing practical tools for affected individuals to protect themselves.