Glendale OB/GYN Data Breach Affects Sensitive PII and PHI

On Dec. 24, 2025, Glendale Obstetrics and Gynecology, an all-female OB/GYN practice based in Glendale, Ariz., reported a data breach to the U.S. Department of Health and Human Services.

The breach was the result of a ransomware attack by the SAFEPAY group, which claimed responsibility and posted details on the dark web network Tor on Nov. 11, 2025. The group stated they had obtained data belonging to the clinic, threatening to release it unless a ransom was paid.

Information exposed may include names, addresses, dates of birth, Social Security numbers, medical histories, treatment information, insurance details, and possibly payment or billing information. While the exact number of affected individuals has not been publicly disclosed, the incident is notable for its involvement of both personally identifiable information (PII) and protected health information (PHI).

Glendale Obstetrics & Gynecology's response

In response to the ransomware attack, Glendale Obstetrics and Gynecology initiated an internal investigation and notified federal authorities. The practice is working to assess the full scope of the breach and determine exactly what information was compromised.

While the company has not publicly released details about specific support resources for affected individuals, those who believe they may be impacted should take proactive steps. These include monitoring financial accounts and credit reports for suspicious activity, placing fraud alerts or security freezes with credit bureaus, and being vigilant for phishing attempts or unsolicited communications referencing their medical care.

Given the nature of the breach, affected individuals should also consider contacting their health insurance providers to monitor for any fraudulent claims.

It is advisable to retain any correspondence from the clinic regarding the breach and follow any additional guidance provided in official notifications.