Rocky Mountain Care Discloses Data Breach Following Ransomware Attack

Utah based Rocky Mountain Care disclosed a cybersecurity incident in which an unauthorized third party accessed files on its network. The disclosure confirms claims by the Qilin Ransomware group that it had obtained the organization’s data.

According to the data event notice on the company’s website dated Mar. 27, 2026, the breach occurred between Jan. 30 and Feb. 2, 2026. Qilin Ransomware then posted its ransomware demand, along with sample data, on the dark web on Feb. 23, threatening to publish the full dataset within three to four days if their demands were not met.

It is not clear whether or not Rocky Mountain Care met the demands of the hackers and paid the ransom.

While disclosures to state attorneys general offices have not been made as of the date of publishing, the company’s notice includes state-specific information for residents of the District of Columbia, Maryland, New Mexico, New York, North Carolina and Rhode Island.

The specific types of personal information affected have not yet been confirmed. According to the company's notice, a review of the relevant data is currently underway to determine whether Protected Health Information (PHI) is involved.

Rocky Mountain Care's response

Upon becoming aware of the incident, Rocky Mountain Care stated it took steps to secure its network, investigate the unauthorized activity and determine the scope of information that may have been impacted. The company also engaged third-party cybersecurity specialists to assist with the investigation and response, according to its notification.

The company encouraged individuals to remain vigilant against identity theft and fraud by reviewing their accounts and credit reports for suspicious activity, according to the notification. Rocky Mountain Care also advised that any suspicious activity should be reported promptly to relevant parties, including insurance companies, healthcare providers and financial institutions.

In addition, the notice outlined several consumer protections available under federal law. These included information about fraud alerts, credit freezes and the right to obtain free annual credit reports from each of the three major credit reporting bureaus.

To assist individuals who may have questions, the company set up a dedicated assistance line at 1-866-397-4692. The line is available Monday through Friday from 8 a.m. to 8 p.m. Mountain Time, excluding U.S. holidays. Individuals may also write to Rocky Mountain Care at 576 West 900 South, Suite 250, Woods Cross, UT 84010.

Steps to take if your information was exposed

Because the full scope of exposed information has not yet been confirmed, individuals who have received care from Rocky Mountain Care may want to take the following precautionary steps.

• Place a fraud alert or credit freeze with Equifax (1-888-298-0045), Experian (1-888-397-3742) or TransUnion (1-833-799-5355) to help prevent unauthorized accounts from being opened.
• Request free credit reports at AnnualCreditReport.com and review them for any unfamiliar accounts or suspicious activity.
• Monitor health insurance statements for services or charges that do not look familiar, since the breach may involve protected health information.
• Report suspected identity theft to the Federal Trade Commission at IdentityTheft.gov or by calling 1-877-438-4338.
• Review accounts with healthcare providers for any unfamiliar activity, and report concerns to the provider or insurance company promptly.
• Be cautious of phishing attempts that reference Rocky Mountain Care or this data breach by name, as scammers often try to take advantage of these situations.