Anchorage Neighborhood Health Center Data Breach 2025: 70,555 Patients · FQHC Hacking/IT Incident · Class Action Filed
Anchorage Neighborhood Health Center (ANHC), the federally qualified health center serving Anchorage, Alaska, filed a HIPAA breach notification with HHS OCR on November 19, 2025 reporting 70,555 affected individuals from a Hacking/IT Incident on a network server. Unauthorized network access occurred August 24-25, 2025. Exposed data includes Social Security numbers, dates of birth, state ID numbers, medical treatment information, and health insurance information. Up to 24 months of Experian credit monitoring offered. Class action Hunt v. ANHC pending in the District of Alaska.
You have options. Scroll for the exact action steps, what your provider’s response covers, and what your health data needs beyond credit monitoring.
Timeline
Aug 22, 2025
ANHC phone lines go down; patients report inability to reach the clinic
Aug 24, 2025
Unauthorized actor accesses ANHC network (per entity notice)
Aug 25, 2025
Intrusion detected; ANHC takes affected systems offline and engages third-party forensic firm
Sep 5, 2025
Alaska's News Source reports an anonymous hacker group claims ~10,000 patient records leaked; ANHC confirms forensic investigation
Sep 15, 2025
Hackers escalate claim to ~60,000 records (~23 TB) on leak site
Sep 16, 2025
FBI Anchorage Field Office publicly confirms awareness of the incident
Nov 19, 2025
HHS OCR breach filing: 70,555 affected; Hacking/IT Incident, Network Server
Dec 16, 2025
Individual notification letters mailed; up to 24 months of Experian credit monitoring offered
Mar 1, 2026
Hunt et al v. Anchorage Neighborhood Health Center, No. 3:26-cv-00048, filed in U.S. District Court for the District of Alaska (Judge Sharon L. Gleason)
Aug 22, 2025
ANHC phone lines go down; patients report inability to reach the clinic
Aug 24, 2025
Unauthorized actor accesses ANHC network (per entity notice)
Aug 25, 2025
Intrusion detected; ANHC takes affected systems offline and engages third-party forensic firm
Sep 5, 2025
Alaska's News Source reports an anonymous hacker group claims ~10,000 patient records leaked; ANHC confirms forensic investigation
Sep 15, 2025
Hackers escalate claim to ~60,000 records (~23 TB) on leak site
Sep 16, 2025
FBI Anchorage Field Office publicly confirms awareness of the incident
Nov 19, 2025
HHS OCR breach filing: 70,555 affected; Hacking/IT Incident, Network Server
Dec 16, 2025
Individual notification letters mailed; up to 24 months of Experian credit monitoring offered
Mar 1, 2026
Hunt et al v. Anchorage Neighborhood Health Center, No. 3:26-cv-00048, filed in U.S. District Court for the District of Alaska (Judge Sharon L. Gleason)
Data exposed
01
High-risk identity
Enables financial + identity theft
02
Health records
Don't expire and can't be reissued
03
Contact & insurance
Phishing + targeted scams
Class actions filed by
These firms have publicly announced investigations. You may be eligible to join. We are not a law firm and cannot give legal advice.
Your action plan, in five steps.
You have more rights than the notification letter explains. Each step below is a concrete thing you can do today. Full detail and timing in the sections that follow.
01
Accept credit monitoring
It’s the floor of the response. Take it.
02
Freeze your credit
Free at Equifax, Experian, TransUnion.
03
File IRS Form 14039
Prevent fraudulent tax return under your SSN.
04
Review your EOBs
Insurance statements catch medical identity theft early.
05
Stop the ongoing flow
Credit monitoring doesn’t cover your health records. HealthConsent does.
Anchorage Neighborhood Health Center (ANHC), the federally qualified health center that has served Anchorage residents since 1974, filed a HIPAA breach notification with the U.S. Department of Health and Human Services Office for Civil Rights on November 19, 2025, reporting 70,555 affected individuals in a Hacking/IT Incident affecting a network server. Forensic investigation found unauthorized network access between August 24 and August 25, 2025, and the intrusion was detected on August 25, 2025 after ANHC’s phone lines and computer systems went down beginning August 22.
Timeline
- August 22, 2025 — ANHC phone lines down; patients report inability to reach the clinic (per Alaska’s News Source).
- August 24-25, 2025 — Unauthorized network access window, per ANHC’s notification and HIPAA Journal coverage.
- August 25, 2025 — Intrusion detected; ANHC takes affected systems offline, engages third-party forensic experts, and contacts law enforcement.
- September 3, 2025 — ANHC publicly acknowledges “limited computer access due to technical difficulties.”
- September 5, 2025 — Alaska’s News Source reports an anonymous hacker group claims ~10,000 patient records leaked; ANHC confirms it is investigating.
- September 15-16, 2025 — Hackers escalate their claim to roughly 60,000 records (asserting ~23 TB of data exfiltrated). The FBI Anchorage Field Office publicly confirms awareness.
- November 19, 2025 — ANHC files HIPAA breach report with HHS OCR: 70,555 individuals, Hacking/IT Incident, Network Server. Parallel state attorney general filings (Maine, Oregon) follow.
- December 2025 — Individual notification letters begin going out, per Comparitech.
- 2026 — Putative class action Hunt et al v. Anchorage Neighborhood Health Center, Inc., No. 3:26-cv-00048, filed in the U.S. District Court for the District of Alaska before Judge Sharon L. Gleason. Federman & Sherwood and Levi & Korsinsky publicly announce parallel investigations.
What was exposed
According to ANHC’s notification and trade-press reporting on the notice, the data elements implicated for at least some individuals include:
- Names
- Social Security numbers
- Dates of birth
- State-issued ID numbers (including driver’s license numbers)
- Medical treatment information
- Health insurance information
The anonymous threat actor publicly claimed exfiltration of approximately 23 TB of data and escalated its public victim count from ~10,000 to ~60,000 before ANHC’s final OCR filing of 70,555. ANHC has stated it has “no evidence” the information has been used for identity theft or financial fraud, but that statement does not preclude future misuse, particularly given that Social Security numbers and dates of birth do not change.
Sensitive-population considerations (FQHC)
ANHC is a federally qualified health center. FQHCs are HRSA-supported safety-net clinics that, by statutory mandate, serve patients regardless of ability to pay. ANHC’s patient population of roughly 15,000 includes uninsured and Medicaid-enrolled Alaskans, people experiencing homelessness, and other groups for whom an FQHC is often the only realistic primary-care option. Two consequences follow from that mission:
- The exposed data set is unusually sensitive in aggregate. A combined leak of SSN, date of birth, driver’s license number, and health-insurance enrollment status is the canonical identity-theft starter kit, and it is more damaging for people with thin credit files, unstable housing, or limited time and resources to contest fraudulent accounts.
- Categories of treatment carry stigma and discrimination risk. ANHC provides behavioral health, substance-use treatment, and care for people experiencing homelessness. Disclosure of “medical treatment information” tied to an identified patient can affect housing, employment, custody, and immigration matters in ways a fraud-only framing understates. SUD treatment records may carry additional 42 CFR Part 2 protections; OCR began enforcing Part 2 under a unified rule in February 2026.
What ANHC is offering
ANHC is offering eligible individuals up to 24 months of complimentary credit monitoring and identity-protection services through Experian, per HIPAA Journal’s reporting on the notice. Comparitech’s summary references a 12-month tier, suggesting the offer is tiered by data-element exposure, with the 24-month term going to recipients whose Social Security numbers were involved. ANHC has also stated it has implemented additional cybersecurity controls and enhanced monitoring following the incident.
Class-action posture
A putative class action, Hunt et al v. Anchorage Neighborhood Health Center, Inc., No. 3:26-cv-00048, is pending in the U.S. District Court for the District of Alaska before Judge Sharon L. Gleason. Plaintiff-side investigations were publicly announced by Federman & Sherwood and Levi & Korsinsky in late 2025. The OCR investigation remains open as of this update.
What to do if you may be affected
- Read the notification letter carefully. It lists the specific data elements involved for you and the activation code for the Experian credit-monitoring offer. The enrollment deadline matters; do not let it lapse.
- Place a credit freeze with Equifax, Experian, and TransUnion. A freeze is free, separate from credit monitoring, and is the single most effective control against new-account identity theft. Because driver’s license numbers were involved, consider requesting a new license number from the Alaska DMV if your letter confirms yours was exposed.
- File an IRS Identity Protection PIN request at IRS.gov. Tax-refund fraud is one of the most common downstream uses of stolen SSN + DOB combinations.
- Watch for ANHC-themed phishing. Threat actors who post stolen data routinely follow up with phishing emails and SMS impersonating the breached entity’s “support team.” ANHC will not ask you for your SSN or password by email or text.
- If you are an ANHC behavioral-health or substance-use treatment patient, the medical-treatment disclosure carries discrimination risks that go beyond financial fraud. Document any adverse housing, employment, or benefits decisions you suspect are linked to disclosure; SUD records may also carry 42 CFR Part 2 protections.
- Preserve your legal options. If you receive an ANHC notice, retain it. The Hunt class action is active, and the named plaintiff-side firms are accepting intake.
Sources
- HHS Office for Civil Rights Breach Portal — federal regulatory record listing ANHC, 70,555 individuals, Hacking/IT Incident, Network Server, reported 2025-11-19.
- Comparitech — Anchorage clinic notifies 70,000+ patients of data breach that leaked SSNs, medical info — affected count, data elements, December 2025 notification mailing, Experian credit-monitoring offer.
- HIPAA Journal — coverage of the ANHC notice — August 24-25 unauthorized access window, August 25 detection, up to 24 months of Experian credit monitoring, FQHC designation.
- Alaska’s News Source — FBI ‘aware’ of Anchorage health clinic data breach (Sept 16, 2025) — FBI Anchorage Field Office acknowledgment, hacker escalation to ~60,000 records.
- Alaska’s News Source — Hackers claim 10,000 ANHC records hacked & leaked (Sept 5, 2025) — initial public disclosure, phone/system outages from August 22.
- ClassAction.org — ANHC data breach investigation — plaintiff-side investigation summary and data elements.
- Federman & Sherwood — ANHC data breach investigation — public investigation notice from named plaintiff-side firm.
- Anchorage Neighborhood Health Center — entity site (FQHC mission, service lines).
We confirm these details directly against the HHS OCR portal record and the cited reporting; this page will be updated as the Hunt v. ANHC docket advances or as further notice details become public.
Credit monitoring covers your wallet. HealthConsent covers your health records.
Your stolen diagnoses, test results, and medical record numbers don’t expire when the free credit-monitoring window ends. HealthConsent automates HIPAA restriction requests and opt-outs across providers, insurers, HIEs, and prescription networks so the data taken in this breach can’t keep being shared and sold by other entities downstream.
Protect my health dataCancel anytime · Family plan covers spouses + dependents
Sources & further reading
- HHS Office for Civil Rights Breach Portal
- Comparitech — Anchorage clinic notifies 70,000+ patients of data breach that leaked SSNs, medical info
- HIPAA Journal — coverage of the ANHC notice
- Alaska's News Source — FBI 'aware' of Anchorage health clinic data breach (Sept 16, 2025)
- Alaska's News Source — Hackers claim 10,000 ANHC patient records hacked & leaked (Sept 5, 2025)
- ClassAction.org — Anchorage Neighborhood Health Center data breach may affect 60K
- Federman & Sherwood — ANHC data breach investigation
- Anchorage Neighborhood Health Center (entity site)
Official HHS OCR Breach Portal: ocrportal.hhs.gov
About this page
This page is compiled from public regulatory filings, the breached entity’s own disclosures, and reporting from established healthcare-privacy outlets. Some sections are assembled with the help of automated research and may contain errors, summaries that lag the underlying source, or details that have since been revised. Treat it as a starting point, not legal advice or an authoritative record. If you spot something inaccurate, the linked sources above are the canonical record. For questions about your individual situation, contact the breached entity directly or consult a licensed attorney.