Glendale Obstetrics & Gynecology Data Breach Exposes Patient Data

Glendale Obstetrics & Gynecology, an all-female OB/GYN practice based in Glendale, Arizona, disclosed a data breach involving sensitive patient information. The practice provides comprehensive women's healthcare and serves patients across the West Valley of Arizona.

The breach was disclosed to the U.S. Department of Health and Human Services on Dec. 24, 2025. It was also reported to the New Hampshire Attorney General on April 13, 2026, with one New Hampshire resident identified as affected, and to the Massachusetts Office of Consumer Affairs and Business Regulation on May 26, 2026, with three Massachusetts residents identified as affected. According to the company's notification to consumers, one Rhode Island resident was also notified.

The practice discovered the breach on Oct. 25, 2025, and completed its review of affected individuals on March 16, 2026.

According to the company's notification to consumers, the practice identified a network disruption affecting a portion of its digital environment. It took immediate steps to secure its systems and launched an investigation to determine the nature and scope of the incident.

The investigation found that certain files had been acquired by an unauthorized individual. On Nov. 11, 2025, a ransomware group known as Safepay posted a claim on a Tor dark web network stating it had obtained the organization's data.

The practice then reviewed the compromised files to identify what information they contained and which individuals were affected. According to the company's notification, the types of information exposed included names, Social Security numbers, medical records, financial account information, driver's licenses and credit or debit card numbers.

Glendale Obstetrics & Gynecology's response

After discovering the incident, the practice launched an investigation and implemented additional security features to reduce the risk of a similar event in the future, according to the company's notification to consumers. The practice then worked to identify and notify affected individuals.

Given the sensitive nature of the information involved, the practice is offering affected individuals 12 months of free credit monitoring, credit report and credit score services. These services are provided through Cyberscout, a TransUnion company that specializes in fraud assistance and remediation. Enrollees will receive same-day alerts when changes are made to their credit files.

The practice is also offering proactive fraud assistance to help individuals who have questions or who become victims of fraud. Affected individuals received a notification letter containing a unique enrollment code needed to access these services.

A dedicated call center has been set up to assist those with questions about the incident. Cyberscout representatives can be reached at 1-833-289-6054 from 5 a.m. to 5 p.m. Pacific time, Monday through Friday, excluding U.S. holidays. According to the company's notification, representatives will be available for 90 days from the date of each individual's notification letter.

In its notification, the practice stated, "Please accept our sincere apologies and know that we deeply regret any concern or inconvenience that this may cause you."