Cyber Incident Victim: Alpine Ear, Nose, and Throat
Date:
Nov 2024
Location:
United States of America
Summary
A cybersecurity incident at Alpine Ear, Nose, and Throat involved unauthorized access to its computer systems following the detection of suspicious network activity. The breach potentially compromised sensitive patient information, including demographic details, medical records, health insurance data, and—for some individuals—financial account numbers, credit card information with security codes, and Social Security numbers. A national law firm has initiated an investigation into potential legal claims arising from the exposure of this personal data.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 0 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On November 19, 2024, Alpine Ear, Nose, and Throat (AENT), a medical provider serving patients across Northern Colorado communities including Fort Collins, Loveland, and Greeley, detected suspicious activity within its computer network. The organization immediately initiated an investigation to assess the nature and scope of the incident. Forensic analysis confirmed that unauthorized actors had accessed AENT's systems, compromising stored personal information. The breached data included patient demographic details, full names, dates of birth, medical records, and health insurance information. For a subset of individuals, the exposure extended to financial account data, credit card numbers with associated security codes (CVC) and expiration dates, and Social Security numbers. AENT did not publicly disclose the exact number of affected individuals or the specific duration of unauthorized access prior to detection. The investigation concluded that sensitive patient information had been exfiltrated or viewed without authorization, though the methodology of the attack and identity of threat actors remained undisclosed.
The compromised data categories created significant risks for identity theft, financial fraud, and medical identity theft among impacted patients. AENT began issuing data breach notifications to affected individuals following the completion of its internal investigation, though the exact notification timeline was not specified in public disclosures. Law firm Edelson Lechtzin LLP initiated an independent investigation into the incident on behalf of customers, announcing on February 2, 2026, that it was evaluating potential legal claims related to data security practices. The firm emphasized the exposure of highly sensitive personal and financial information as grounds for a class action lawsuit seeking remedies for breach victims. While AENT did not publicize specific containment measures or system security enhancements implemented post-breach, affected individuals were advised to monitor financial accounts and credit reports for unauthorized activity. The incident disrupted patient data confidentiality at a regional healthcare provider specializing in ENT and allergy services, with legal proceedings remaining pending as of the latest available reporting.