Lone Peak Psychiatry Data Breach Exposes Medical Records

Lone Peak Psychiatry, a mental health practice based in Utah, has disclosed a data breach that may have exposed patient information, including medical records.

A filing dated April 13, 2026, with the Massachusetts Office of Consumer Affairs and Business Regulation identifies one resident in the state as affected by the breach. As of April 7, 2026, Lone Peak Psychiatry began notifying affected individuals of the incident by first-class mail.

What happened in the Lone Peak Psychiatry data breach

Lone Peak Psychiatry's notification letter identifies a data incident that may have affected the personal information of patients.

The letter, however, does not include specific dates for when the incident took place or details about how it was discovered. It also does not describe which internal systems or databases were affected or how the company determined that patient information was at risk.

Based on the regulatory filing, the types of information potentially exposed include medical records. The notification letter references "personal information" more broadly but does not list the specific categories of data that may have been compromised.

The total number of individuals affected by the breach across the United States has not been publicly disclosed.

Lone Peak Psychiatry's response to the breach

Lone Peak Psychiatry is providing affected individuals with 24 months of complimentary credit monitoring services including single-bureau credit monitoring, a single-bureau credit report and a single-bureau credit score.

These services are provided through Cyberscout, a TransUnion company specializing in fraud assistance and remediation. To enroll, affected individuals must visit the Cyberscout activation page and enter the unique code included in their notification letter. Enrollment must be completed within 90 days from the date of the letter.

Lone Peak Psychiatry has also established a dedicated help line at 1-800-405-6108 for anyone with questions about the incident. Fraud specialists are available Monday through Friday from 8 a.m. to 8 p.m. Eastern time, excluding holidays.

The help line will remain active for 90 days from the date of the letter. Callers will need to provide the unique code from their notification letter when reaching out to the help line.

In addition to the credit monitoring, the company is offering proactive fraud assistance to help individuals who have questions or who may become victims of fraud as a result of the breach. The notification letter also provided detailed instructions on how to place, lift or remove a security freeze with each of the three major credit reporting agencies: Equifax, Experian and TransUnion.

Steps to take if your information was exposed

• Place a credit freeze with Equifax (1-800-685-1111), Experian (1-888-397-3742) and TransUnion (1-888-909-8872) to help prevent unauthorized accounts from being opened using personal information.
• Review credit reports at AnnualCreditReport.com for any unfamiliar accounts, hard inquiries or other suspicious activity that could indicate identity theft.
• Monitor health insurance statements for any claims, services or prescriptions that were not authorized, as medical records were among the types of information potentially exposed in this breach.
• Be cautious of phishing attempts that reference Lone Peak Psychiatry or this data breach by name, especially unsolicited emails, phone calls or text messages asking for personal or medical information.
• Contact your health insurer to report the potential exposure of medical records and ask about any additional fraud protections available for your account.
• Report suspected identity theft to the Federal Trade Commission at IdentityTheft.gov and consider filing a report with local law enforcement if unauthorized activity is discovered.