Alpine ENT Discloses 2024 Data Breach Impacting Over 65,000 People

Colorado-based Alpine ENT reported a 2024 data security incident that compromised the sensitive personal information of more than 65,000 individuals.

 

Alpine Ear, Nose & Throat is a Northern Colorado–based specialty practice with locations in Fort Collins, Loveland, and Greeley, offering comprehensive ENT, allergy, and audiology services for patients of all ages.

 

In a data security incident notice filed with the Office of Maine Attorney General, Alpine ENT said that on November 19, 2024, it identified unauthorised access within its internal network. The healthcare provider company immediately launched an investigation, with assistance from external cyber security experts and its Managed Service Provider, to determine the nature and scope of the incident.

 

“The forensic investigation concluded that certain personal information within AENT’s systems was subject to unauthorised access,” Alpine ENT said.

 

The compromised data included names and other personal identifiers including Social Security numbers. The filing with the Maine state regulator also states that the Alpine ENT has identified at least 65,648 individuals impacted by the incident.

 

“Since the discovery of the incident, we have taken additional steps to reduce the risk of this type of incident occurring in the future by enhancing our technical security measures and procedures,” Alpine ENT added.

 

While the Alpine ENT found no evidence of the compromised information being misused, it has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general. 

 

It has also offered complimentary identity protection and credit monitoring services through IDX to all affected individuals.

 

 

The notorious BianLian ransomware group claimed responsibility for the cyber attack on Alpine ENT, listing it as a victim on its data leak site. The group said it had obtained confidential data from the healthcare provider including and threatened to release the entire database unless its ransom demands were met.