Academic Urology & Urogynecology of Arizona, a division of Palo Verde Hematology and Oncology, disclosed a major data breach impacting 73,281 individuals. The hacking incident occurred in May 2025 and potentially exposed sensitive personal and protected health information. Affected individuals are now being notified and offered identity monitoring services.
Academic Urology & Urogynecology of Arizona’s Data Breach Investigation
Academic Urology & Urogynecology of Arizona detected unauthorized access to its network on or about May 22, 2025. Upon discovering the suspicious activity, the organization immediately secured its environment and launched a comprehensive investigation with the assistance of external cybersecurity professionals experienced in handling data security incidents.
After an extensive forensic investigation and manual review of documents, Academic Urology determined on January 30, 2026, that certain files containing personal and protected health information may have been subject to unauthorized access or acquisition between May 18, 2025 and May 22, 2025.
The breach has affected a total of 73,281 individuals, including six Maine residents. While there is currently no evidence that identity fraud or misuse of the information has occurred as a direct result of this incident, the exposure of sensitive healthcare and personal data presents ongoing risks.
Healthcare organizations are frequent targets of cyberattacks because the information they maintain—such as medical records, identification numbers, and personal details—can be highly valuable to cybercriminals. Even when no immediate misuse is identified, affected individuals may face long-term risks of identity theft, insurance fraud, or medical identity fraud.
Academic Urology has stated that it takes the privacy and security of personal and protected health information seriously. Following the breach, the organization implemented additional security measures and safeguards designed to strengthen its systems and reduce the likelihood of a similar event occurring in the future.
To help mitigate potential harm, Academic Urology is offering affected individuals 12 or 24 months of complimentary credit monitoring and identity theft protection services through IDX. Individuals have until May 12, 2026 to enroll in these services. The identity monitoring program is designed to detect potential misuse of personal information and assist with identity restoration if necessary.
While offering monitoring services is a positive step, individuals impacted by data breaches may still face anxiety, time spent monitoring accounts, and the risk of future fraud. When healthcare providers fail to adequately protect sensitive data, affected patients may have legal rights to pursue compensation.
When Did This Breach Occur?
The unauthorized access occurred between May 18, 2025 and May 22, 2025.
The breach was discovered on January 30, 2026, following the completion of the forensic investigation and document review.
What Information Was Breached?
The potentially impacted information includes:
Because this was a healthcare-related breach, the compromised data may include sensitive medical and identifying information.
What You Can Do
If you received a notification letter from Academic Urology & Urogynecology of Arizona, consider taking the following steps:
-
Enroll in the complimentary 12 or 24 months of credit monitoring and identity theft protection services through IDX before the May 12, 2026 enrollment deadline.
-
Review your financial account statements and explanation of benefits (EOB) statements for unusual activity.
-
Obtain free credit reports from Equifax, Experian, and TransUnion to monitor for unfamiliar accounts or inquiries.
-
Consider placing a fraud alert or credit freeze on your credit file.
-
Report suspected identity theft to your financial institution, the Federal Trade Commission, and local law enforcement.
Remaining vigilant is critical, especially after a healthcare data breach. You may also want to explore your legal rights and determine whether you are eligible to join a class action lawsuit.
File a Data Breach Lawsuit Against Academic Urology & Urogynecology of Arizona
If your personal or protected health information was exposed in this data breach, you may be entitled to compensation. Healthcare providers have a responsibility to implement reasonable security measures to safeguard patient information.
Data breaches involving medical and personal information can create long-term risks, including identity theft, insurance fraud, and financial loss. A class action lawsuit allows individuals impacted by the same incident to band together and seek accountability.
Contact us at Class Action U, where we’ll connect you with a lawyer skilled in class action lawsuits. If you’ve been contacted about this breach, received notice, or discovered you were impacted, fill out our quick, easy, and secure form to sign up. There is no cost to reach out to our legal partner and no obligation after speaking with someone from our team.
