Northwest Medical Homes Data Breach Exposes PII and PHI for 98k

Northwest Medical Homes, LLC, a family medicine and primary care provider in Oregon, recently experienced a data breach that impacted the personal and health information individuals in the United States.

The incident occurred between March 19, 2025, and May 20, 2025, when unauthorized access was detected on the company’s computer network.

Upon discovering suspicious activity on May 13, 2025, NMH initiated its incident response protocols, engaging third-party cybersecurity experts to secure its environment and conduct a digital forensic investigation.

The investigation revealed that the breach allowed unauthorized individuals to access sensitive data, including both personally identifiable information (PII) and protected health information (PHI). The types of information exposed varied by individual but included name, address, date of birth, medical information, health insurance information and, for a limited number of people, Social Security number.

The breach was officially reported to the U.S. Department of Health and Human Services on July 13, 2025, as well to the attorneys general of California, Massachusetts, and Oregon on March 5, 2026. Additionally, NMH posted a notice of the incident on its website.

The incident has affected a total of 98,527 individuals, including 20 individuals in Massaschusetts.

Northwest Medical Homes' response

To support those affected, the company is offering complimentary credit monitoring and identity restoration services for up to 24 months through a specialized vendor. Affected individuals received formal notification letters with instructions on how to enroll in these services.

The company has also provided a dedicated call center at 1-844-842-8002 for questions and additional support.

Given the nature of the breach, individuals are encouraged to remain vigilant by monitoring their financial and medical accounts for suspicious activity. Steps such as placing a fraud alert or security freeze with credit bureaus, obtaining free annual credit reports, and considering an IRS Identity Protection PIN can help mitigate risks.