The Phia Group Data Breach Affects PII & PHI

The Phia Group, a healthcare cost containment company based in Massachusetts, experienced a data breach. The exposed information included both personally identifiable information (PII) and protected health information (PHI).

Compromised data may include names, addresses, dates of birth, Social Security numbers, driver's license numbers, health insurance information, medical records and payment information. This type of cyberattack puts impacted individuals at risk for identity theft and fraud.

The data breach was disclosed to the Massachusetts Attorney General's office on Oct. 11, 2025. The Phia Group has begun notifying affected individuals by mail. The total number of people involved in the data breach has not been released, but may include thousands of individuals from multiple employers.

The Phia Group’s response

In addition to required state and federal disclosures, The Phia Group is offering impacted individuals free Kroll credit monitoring services, which also includes fraud consultation and identity theft restoration.

If you receive a notice from The Phia Group about this data breach, you may want to:

• Sign up for the free IDX identity theft protection services, offered by Episource.
• Monitor your credit reports and financial accounts for any unusual activity.
• Be alert for phishing emails or phone calls that may use your exposed information.
• Consider placing a fraud alert or credit freeze with major credit bureaus.

Information about the company can be found on The Phia Group’s website.