Data Security Incident

April 3, 2026

Salt Lake City, Utah – Rocky Mountain Associated Physicians, P.C. (“Rocky Mountain”) is notifying affected individuals of a data security incident that may have involved certain individuals’ personal, protected health, and/or financial information

What Happened?

At an unknown date (no earlier than October 30, 2025), an advanced malicious cyber actor was able to gain unauthorized access to certain systems within Rocky Mountain’s databases, including its patient database and other data files. On February 2, 2026, Rocky Mountain confirmed that certain patient information may have been compromised as a result of this incident.

What Information Was Involved?

The information involved may have included individuals’ names, dates of birth, Social Security numbers, addresses, contact information, medical record numbers, diagnosis and treatment information, insurance information, and financial information (e.g., credit or debit card numbers and PIN numbers). Not all data elements were necessarily involved for every affected individual.

What We Are Doing

Upon discovery that personal health and financial information had been compromised, Rocky Mountain promptly took steps to secure our systems, engaged a third-party forensic investigation firm to conduct a thorough review of the incident, and notified law enforcement. The US Department of Health and Human Services Office for Civil Rights and the Internet Crime Complain Center (IC3) have also been notified. We are continuing to implement additional safeguards to help prevent a recurrence of such an attack and to protect the privacy of Rocky Mountain Associated Physicians patients.

Rocky Mountain is also offering affected individuals who contact Rocky Mountain 12 months of complimentary credit monitoring and identity restoration services through Experian IdentityWorks.

What You Can Do

As a precaution, individuals are encouraged to remain vigilant by reviewing their account statements and credit reports and to report any suspicious activity or suspected identity theft to their financial institution, law enforcement, or the Federal Trade Commission. Individuals may also consider placing a fraud alert or security freeze on their credit files.

Rocky Mountain sincerely regrets any concern or inconvenience this incident may cause and remains committed to protecting the privacy and security of the information in its care.

For more information, individuals may contact Rocky Mountain toll-free at 800-999-9970 or via email at databreachinfo@rmapinc.com.