Health Plan Members’ PHI Exposed in Cyberattack on Fieldtex Products
Data breaches have been announced by Fieldtex Products in New York State and the Utah ear, nose & throat specialists, Cache Valley Ear ENT.
Fieldtex Products, New York
Fieldtex Products, a medical supply fulfillment organization based in Rochester, New York, has announced a data security incident involving unauthorized access to its computer systems. The intrusion was identified on August 19, 2025, and action was immediately taken to secure its network and prevent further unauthorized access. A third-party digital forensics team was engaged to investigate the incident, which confirmed that a limited amount of protected health information had been exposed and may have been accessed or stolen in the attack.
The exposed data related to the over-the-counter healthcare-related products provided by Fieldtex to members of its health plan clients. In order to provide those products, health plans provided Fieldtex with protected health information such as patient names, addresses, dates of birth, insurance member identification numbers, plan names, effective terms, and gender.
The analysis of the exposed data was completed on September 30, 2025, and the affected health plans were notified immediately. Fieldtex has sent notification letters to the affected individuals on behalf of the health plans that authorized Fieldtex to provide direct notice and has offered those individuals complimentary credit monitoring services.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
At the time of issuing notification letters, Fieldtex was unaware of any misuse of the exposed data. Steps have been taken to improve security, and data security policies and procedures are being reviewed. Three separate Fieldtex Products data breach reports were added to the HHS’ Office for Civil Rights breach portal on December 3, 2025, affecting a total of 35,748 individuals, in addition to a November 20, 2025, report involving the protected health information of 238,615 individuals.
Cache Valley Ear, Nose & Throat, Utah
Legal counsel for Cache Valley Ear, Nose & Throat (Cache Valley ENT) has notified state attorneys general about a February 2025 data security incident that exposed patient information. Suspicious activity was identified within its network on February 4, 2025. An investigation was launched to determine the nature and scope of the activity, with assistance provided by third-party cybersecurity experts.
The North Logan, Utah-based healthcare provider confirmed that data may have been viewed or copied on February 4, 2025. The review of the exposed data was completed on November 4, 2025, when it was confirmed that names, addresses, provider names, drug names, and insurance provider names were involved. While highly sensitive patient data such as Social Security numbers and financial information do not appear to have been involved, out of an abundance of caution, the affected individuals have been offered 12 or 24 months of complimentary credit monitoring and identity theft protection services. The data breach is not currently shown on the HHS’ Office for Civil Rights website, so it is currently unclear how many individuals have been affected.
