Glendale Obstetrics and Gynecology, PC, an all-female women's health practice based in Glendale, Arizona, identified a network disruption on October 25, 2025 affecting a portion of its digital environment. The practice engaged outside cybersecurity specialists and confirmed that certain files were acquired by an unauthorized individual. The SafePay ransomware group claimed responsibility on November 11, 2025 by listing the clinic on its Tor-based dark-web leak site and threatening to release patient data unless ransom negotiations were initiated. Glendale OBGYN reported the breach to the U.S. Department of Health and Human Services on December 24, 2025.

The breach affected approximately 34,000 individuals based on records indexed by breach-tracking services. Compromised fields included names, addresses, dates of birth, driver's license information, Social Security numbers, medical information, and health insurance information. As an obstetrics and gynecology practice, the underlying records exfiltrated by the attackers also include reproductive-health treatment records, prenatal care histories, gynecological diagnoses, and ultrasound and imaging records typical of an OBGYN operation, beyond the more limited field set surfaced publicly.

For affected patients, the practical risk profile is unusually severe and durable because of the combination of identity-fraud exposure with reproductive-health-specific sensitivity. The combination of name, date of birth, address, and Social Security number is a strong base for synthetic identity fraud and fraudulent credit applications. Inclusion in the dataset confirms a women's-health care relationship and may reference pregnancy status, gynecological diagnoses, or reproductive-health decisions, which can support targeted scams referencing real care episodes. The sensitivity of reproductive-health information also raises concerns about coercive abuse, employer or partner targeting, and discrimination, particularly for patients who may not have shared their care history with family members or employers. Affected patients should freeze credit at all three U.S. bureaus, monitor health-insurance statements, and treat unsolicited contact referencing Glendale OBGYN, prenatal care, or related services with caution.

OBGYN practices collect highly sensitive patient identity, contact, insurance, billing, appointment, and reproductive-health treatment records across specialty care workflows.

Glendale OBGYN identified a network disruption on October 25, 2025 affecting a portion of its digital environment. The practice took immediate steps to secure the environment and engaged outside cybersecurity specialists. The SafePay ransomware group publicly claimed responsibility on November 11, 2025 by listing Glendale OBGYN on its Tor-based dark-web leak site and threatening to release stolen patient data unless ransom negotiations were initiated. Glendale OBGYN reported the breach to the U.S. Department of Health and Human Services on December 24, 2025 and began identifying contact information for direct notification of affected individuals. Class-action investigations by U.S. plaintiff law firms began organizing in late December 2025.