Skip to main content
Over a doctor’s shoulder we see a spreadsheet of medical data on a vulnerable hospital computer.

Clinica Family Health Data Breach Investigation

Written by Joseph Lyon on . Posted in Data Breach.

The data breach lawyers at The Lyon Firm are investigating a data security incident at Clinica Family Health and Mental Health Partners, a Colorado-based nonprofit healthcare entity formed by a recent merger. Contact our experienced attorneys to learn more about the next steps following a data breach incident and to discuss taking legal action. We have filed numerous data breach lawsuits on behalf of plaintiffs nationwide.

What happened at Clinica Family Health?

The healthcare community has been hit yet again with another cybersecurity incident, as a at Clinica Family Health & Wellness and Mental Health Partners reported a data breach. The incident was initially detected on March 14, 2025, and publicly disclosed around July 27, 2025, a long delay in notifying impacted individuals.

The breach has been attributed to a ransomware attack by the INC Ransom group, a group that has been quite active of late. The breach occurred within the Mental Health Partners IT environment, which was integrated into Clinica’s operations after their October 2024 merger.

INC Ransom claimed responsibility for the attack, posting sample data on its dark web portal, suggesting unauthorized access to sensitive information. While an investigation found no direct evidence of data exfiltration, Clinica conducted a review to determine the scope of potential exposure. The exact number of affected individuals remains undisclosed, as the investigation continues, but the breach impacted some of Clinica’s systems.

If personal health information (PHI) or personally identifiable information (PII)—like names, Social Security numbers, or treatment records—was accessed, patients face an increased risk of fraud and medical identity theft. For affected individuals, immediate action is critical. Monitoring financial accounts, considering a credit freeze, and enrolling in any offered monitoring services can mitigate risks.

This breach highlights the fragility of healthcare data in an era of increasing ransomware attacks. The Clinica Family Health merger, intended to enhance company coordination, may have inadvertently exposed new vulnerabilities. Contact our legal team for a free consultation.