The Phia Group Data Breach Affects PII & PHI

The Phia Group, a healthcare cost containment company based in Massachusetts, experienced a data breach. The exposed information included both personally identifiable information (PII) and protected health information (PHI).

Compromised data may include names, addresses, dates of birth, Social Security numbers, driver's license numbers, health insurance information, medical records and payment information. This type of cyberattack puts impacted individuals at risk for identity theft and fraud.

The data breach was disclosed to the Massachusetts Attorney General's office on Oct. 11, 2025. The Phia Group also posted a notice of data security incident on its website and has begun notifying affected individuals by mail. So far, the data breach has impacted at least 23 individuals in Massachusetts. However, the investigation is ongoing, and the number of impacted individuals is subject to change.

The Phia Group’s response

In addition to required state and federal disclosures, The Phia Group is offering impacted individuals free Kroll credit monitoring services, which also includes fraud consultation and identity theft restoration.

If you receive a notice from The Phia Group about this data breach, you may want to:

• Sign up for the free Kroll identity theft protection services offered by Phia Group.
• Monitor your credit reports and financial accounts for any unusual activity.
• Be alert for phishing emails or phone calls that may use your exposed information.
• Consider placing a fraud alert or credit freeze with major credit bureaus.