Colorado Health Network this week confirmed it notified 68,212 people of a July 2025 data breach that compromised the following personal info:
- Names
- Social Security numbers
- Debit and credit card info
- Financial account info
- Medical info including:
  - Diagnoses
  - Conditions
  - Prescriptions
- Provider names and locations
- Health insurance info
- State-issued ID numbers (e.g. driver’s license, passport)
CHN said it discovered that the breach occurred on July 29, 2025, according to a disclosure published by the Indiana state attorney general. It began notifying patients almost 11 months later, on June 18, 2026.
On August 18, 2025, a cybercriminal group called Cephalus took credit for the breach. On its data leak website, Cephalus says it stole 900 GB of data from CHN.
Colorado Health Network has not acknowledged Cephalus’ claim and Comparitech cannot independently verify its authenticity. We do not know how attackers breached CHN’s network, if CHN paid a ransom, or how much Cephalus demanded. Comparitech contacted CHN for comment and will update this article if it replies.
“Upon discovering the incident, we took measures to secure our systems and launched an investigation,” says CHN’s notice to breach victims. “Our investigation determined that an unauthorized individual viewed and obtained certain files on our network.”
The notice does not mention any offer of free credit monitoring or identity theft protection for breach victims.
Who is Cephalus?
Cephalus was a ransomware group whose malware both locks down computer systems and steals data. It was only active for about a month in the summer of 2025. During that time, it claimed responsibility for 18 ransomware attacks. The organizations it targeted confirmed four of those claims. In addition to CHN, they include:
- SystemEXE (Japan) reported a data breach in June 2025
- Vienna, VA notified 811 people of an August 2025 data breach
- Money Matters (USA) notified 1,573 people of a July 2025 data breach
Ransomware attacks on US healthcare
Comparitech researchers logged 148 confirmed ransomware attacks on US hospitals, clinics, and other healthcare providers in 2025. Those attacks breached more than 14.1 million personal records.
In 2026 to date, we’ve logged 20 more such attacks that compromised more than 143,000 records.
Other recently confirmed breaches of US healthcare organizations include:
- Clarinda Regional Health Center notified 24,341 people of an October 2025 data breach claimed by LockBit
- Community Connections notified 20,879 people of a March 2026 data breach claimed by Inc
- Dillon Family Medicine (McLeod Health) notified 16,788 South Carolinians of an October 2025 data breach claimed by Qilin
- Orthopedic Specialists of Massachusetts notified 20,154 people in Maryland and Vermont of a January 2026 data breach claimed by Qilin
- Anatomic and Clinical Laboratory Associates notified 69 Marylanders of a December 2025 data breach claimed by Insomnia
- Texas Hearing Institute notified 29,4999 people in Maryland and Texas of a March 2026 data breach claimed by Interlock
Ransomware attacks on hospitals, clinics, and other care providers can steal data and lock down infected computer systems. They can cripple critical systems and endanger the health, privacy, and security of patients. Infected hospitals and clinics must pay a ransom or face extended downtime, data loss, and increased risk to patients and staff. Hospitals and clinics might resort to pen and paper, cancel appointments, and divert patients elsewhere until systems are restored.
About Colorado Health Network
Colorado Health Network is a nonprofit group of clinics focused on people affected by HIV. It supports more than 5,000 clients living with HIV at clinics in Denver, Fort Collins, Colorado Springs, and Grand Junction, according to its LinkedIn profile.