.png)
Cedar Point Health Data Breach Exposes PII and PHI of 23k
On June 16, 2023, Cedar Point Health, LLC, a healthcare provider based in Western Colorado, discovered a data breach that impacted the personal and medical information of patients and employees. The incident involved unauthorized access to Cedar Point Health’s systems, exposing a wide range of sensitive data.
The information affected included both personally identifiable information (PII) and protected health information (PHI). Specifically, the exposed data consisted of names, addresses, dates of birth, Social Security numbers and ITINs, driver’s license numbers or state-issued identification numbers, passport numbers, financial account information, health insurance details, and extensive medical information such as clinical notes, diagnoses, procedures and treatment records.
While the exact method of intrusion has not been publicly disclosed, the exposed data could be used for identity theft, financial fraud or medical identity theft.
The breach was reported to the Massachusetts Office of Consumer Affairs and Business Regulation and to the U.S. Department of Health and Human Services on Feb. 12, 2026, and a detailed notice was posted on the company’s website.
The total number of individuals impacted is 23,114, with four residents of Massachusetts affected.
Cedar Point Health's response
To support impacted individuals, Cedar Point Health is offering complimentary identity monitoring services through Kroll, a global leader in risk mitigation and response. These services include single-bureau credit monitoring, fraud consultation and identity theft restoration.
Affected individuals can activate these services using the instructions provided in the company’s notice. The notice also provides state-specific resources and contact information for attorney general offices, as well as guidance from the Federal Trade Commission on identity theft prevention.
In addition, the company’s notice outlines practical steps individuals can take to protect themselves:
- Place a one-year fraud alert on credit files with Equifax, Experian or TransUnion
- Consider placing a security freeze on credit reports to prevent unauthorized access
- Obtain free credit reports and review them for unfamiliar activity
- Monitor health insurance statements and explanation of benefits for signs of medical identity theft
- Contact law enforcement and file a police report if suspicious activity is detected
Names
Social Security Numbers
Dates of Birth
Addresses
Government IDs
Medical Info
Financial Info- Affected information types not yet disclosed
Data Breach Settlements
.webp)
.webp)
.webp)
.webp)
.webp)
.webp)
.webp)
What to Read Next
Subscribe to our weekly class actions newsletter.
.svg)