Sun Valley Surgery Center Data Breach Affects 27,001

On Sept. 3, 2025, Sun Valley Surgery Center, an ambulatory surgery center in North Las Vegas, discovered a major data breach affecting the personal and health information of 27,001 current and former patients. The center disclosed the cyberattack to the U.S. Department of Health and Human Services on Sept. 18, 2025.

An investigation determined that the data breach exposed names, contact information, dates of birth, Social Security numbers, MRN or patient identification numbers, driver’s license or state-issued ID information, passport or other governmental ID information, health insurance details, health history, explanation of benefits, as well as treatment and diagnosis information. Sun Valley Surgery Center published a notice of data event on its website on Sept. 3, 2025.

The exposure of both PII and PHI, puts individuals at risk for identity theft and medical fraud.

Sun Valley Surgery Center's response

After detecting the breach, Sun Valley Surgery Center engaged external cybersecurity experts to assess the scope of the incident and secure their systems. The center also notified law enforcement and is issuing required state and federal disclosures.

If you believe your personal information may have been compromised in this breach:

• Carefully review any notice or communication you receive from Sun Valley Surgery Center.
• Monitor financial accounts and credit reports for signs of identity theft.
• Consider placing fraud alerts or credit freezes with the major credit bureaus.
• Be cautious of unsolicited emails or phone calls requesting personal information.