Sierra Vista Data Breach Exposes SSNs & Medical Info of 75K

Sierra Vista Hospital & Clinics experienced a major data breach. On Jan. 29, 2025, the healthcare organization discovered suspicious activity within its computer network. A review determined that the compromised files contained both personally identifiable information (PII) and protected health information (PHI) of at least 75,054 in the U.S., including 484 residents in Texas, seven in Massachusetts and four in New Hampshire.

An investigation revealed that a cybercriminal may have accessed and obtained sensitive patient files between Jan. 14, 2025 and Jan. 31, 2025.

A review took place and on Aug. 13, 2025, it was determined that the compromised files contained both personally identifiable information (PII) and protected health information (PHI). Exposed information included first and last names, Social Security numbers, addresses, state identification number/driver’s license numbers, medical information, and health insurance information.

Sierra Vista Hospital & Clinics disclosed the breach to the U.S. Department of Health and Human Services on Oct. 6, 2025, and published a data security incident notice on its website. The healthcare organization began notifying affected patients by mail on Oct. 7, 2025.

The cybersecurity incident was also disclosed to the Texas and Massachusetts Attorney Generals' offices on Oct. 7, 2025 and the New Hampshire Attorney General on Oct. 10, 2025.

The total number of impacted individuals has not been released, but is believed to include thousands of current and former patients. The combination of personal and protected health information puts consumers at risk for fraud and identity theft.

Sierra Vista Hospital & Clinics' response

After discovering the breach, Sierra Vista Hospital & Clinics secured their network and launched an investigation with the help of external cybersecurity professionals. In addition to required state and federal disclosures, the healthcare organization is offering impacted individuals free Experian IdentityWorks credit monitoring services.

If you receive a notice from Sierra Vista Hospital and Clinics about this breach, you may want to:

• Sign up for the free credit monitoring services, offered by the hospital.
• Monitor your credit reports and financial accounts for any unusual activity.
• Be alert for phishing emails or phone calls that may use your exposed information.
• Consider placing a fraud alert or credit freeze with major credit bureaus.

For more information, affected individuals can contact the dedicated call center at 855-291-2594, available Monday through Friday from 9 a.m. to 9 p.m. Eastern time.

More information about the healthcare organization can be found on the Sierra Vista Hospital & Clinics website.