Rocky Mountain: Data Breach Affects 50,640

Rocky Mountain Associated Physicians, P.C., a medical group practice in Salt Lake City, Utah, disclosed a data breach that affected approximately 50,640 individuals in the United States.

The breach was disclosed to the U.S. Department of Health and Human Services on April 3, 2026. The company also posted a notice about the incident on its website with information for affected individuals.

What happened in the Rocky Mountain Associated Physicians data breach

On Jan. 30, 2026, PEAR, a cybercrimincal group, posted on the dark web using the Tor network, claiming to have obtained approximately 1.7 terabytes of data from Rocky Mountain.

According to the dark web posting, the compromised data reportedly included business operations data, HR records, OneDrive files, provider and vendor data, numerous patients' personally identifiable information and protected health information records, payment details, mailboxes and email correspondence, databases and related information.

As disclosed in regulatory filings, the confirmed types of consumer information to have been exposed in the breach included names, dates of birth, Social Security numbers, addresses, contact information, medical record numbers, diagnosis and treatment information, insurance information and financial information such as credit or debit card numbers and PIN numbers.

Rocky Mountain Associated Physicians' response to the breach

Rocky Mountain has begun the process of notifying individuals whose information may have been involved in the breach.

Additionally, the organization is offering any affected individual who contacts them with 12 months of complimentary credit monitoring and identity restoration services through Experian IdentityWorks.

Those who believe they may be affected are encouraged to visit the company's notice page for the most current information about available protections and support resources. The practice's general phone number is 801-268-3800, and its offices are open Monday through Friday from 9 a.m. to 5 p.m.

Steps to take if your information was exposed

• Place a credit freeze or fraud alert with Equifax (1-800-525-6285), Experian (1-888-397-3742) and TransUnion (1-800-680-7289) to help prevent new accounts from being opened using your information.
• Request and review free credit reports at AnnualCreditReport.com, checking carefully for any unfamiliar accounts, inquiries or address changes you did not authorize.
• Monitor bank and credit card statements closely for unauthorized transactions, and contact your card issuer immediately to request a new card number if your payment information may have been exposed in this breach.
• Watch for phishing attempts that reference Rocky Mountain Associated Physicians or this data breach by name, as criminals may use details from the breach to craft convincing emails, phone calls or text messages designed to steal additional information.
• Review Explanation of Benefits statements from your health insurer for medical services, prescriptions or equipment you did not receive, which could be a sign that someone is using your medical identity.
• Report suspected identity theft to the Federal Trade Commission at IdentityTheft.gov, which will walk you through creating a personalized recovery plan based on your situation.