Active breach tracker Los Angeles, CA HQ Disclosed February 16, 2026

AltaMed Health Services Data Breach 2026: 501+ FQHC Patients Exposed Across Los Angeles Community Health Network. What To Do

AltaMed Health Services Corporation, California's largest community health center network serving nearly 300,000 Hispanic/Latino patients annually across 50 sites in LA and Orange County, disclosed a November 2025 network intrusion. Names, Social Security numbers, dates of service, payment information, and employee compensation data exposed. Multiple plaintiffs' firms investigating. Here is what to do.

You have options. Scroll for the exact action steps, what your provider’s response covers, and what your health data needs beyond credit monitoring.

By HealthConsent Editorial Last updated Sources & methodology

Timeline

Nov 27, 2025

Unauthorized access begins (per California AG filing)

Dec 14, 2025

AltaMed detects unauthorized access; systems disrupted; incident response activated

Feb 12, 2026

Patient notification letters begin mailing; California AG filing (sb24-618676)

Feb 16, 2026

Public data breach notice published

Feb 16, 2026

Disclosed publicly

Feb 26, 2026

HHS OCR portal submission (501 placeholder; final count likely materially higher)

Data exposed

01

High-risk identity

Enables financial + identity theft

Social Security number Per plaintiff-firm characterization (unconfirmed): DOB, driver's license / state ID, passport, medical records, insurance info, treatment details, COVID-19 vaccination status, prescriptions

03

Contact & insurance

Phishing + targeted scams

Full name Home address Date of service Payment information Employee compensation details

Class actions filed by

These firms have publicly announced investigations. You may be eligible to join. We are not a law firm and cannot give legal advice.

Cole & Van Note (publicly investigating; announced 2026-02-13) Migliaccio & Rathod LLP (publicly investigating) Lynch Carpenter (publicly investigating; announced 2026-02-17) The Lyon Firm (publicly investigating) Strauss Borrelli PLLC (publicly investigating)
If you received a letter

Your action plan, in five steps.

You have more rights than the notification letter explains. Each step below is a concrete thing you can do today. Full detail and timing in the sections that follow.

01

Accept credit monitoring

It’s the floor of the response. Take it.

02

Freeze your credit

Free at Equifax, Experian, TransUnion.

03

File IRS Form 14039

Prevent fraudulent tax return under your SSN.

04

Review your EOBs

Insurance statements catch medical identity theft early.

05

Stop the ongoing flow

Credit monitoring doesn’t cover your health records. HealthConsent does.

Jump to step 5: protect my health data

What happened

AltaMed Health Services Corporation is California’s largest community health center / federally qualified health center (FQHC) network, headquartered in Los Angeles. AltaMed serves approximately 300,000 patients annually across ~50 sites in Los Angeles and Orange counties. Services include primary care, dental, PACE senior services, and behavioral health. AltaMed predominantly serves Hispanic/Latino communities in Southern California.

Between November 27, 2025 (per the California AG filing) and December 14, 2025, an unauthorized actor accessed AltaMed’s network. The breach was detected on December 14, 2025 when systems were disrupted and AltaMed activated its incident response plan. Care operations continued uninterrupted.

AltaMed mailed patient notification letters beginning February 12, 2026 and filed with the California AG the same day (sb24-618676). The public data breach notice was published on February 16, 2026. The HHS OCR filing followed on February 26, 2026 at the 501-individual reporting floor — likely a placeholder; the final count is expected to be materially higher.

HIPAA Journal grouped this incident with other 2026 ransomware attacks in its coverage, characterizing it as “typically associated with ransomware,” but no ransomware group has publicly claimed responsibility. No dark-web leak-site listing has been independently corroborated.

A vulnerable patient population

AltaMed serves a predominantly Hispanic/Latino, low-income, federally-subsidized patient population through its FQHC mission. Many AltaMed patients are:

  • Medicaid recipients or uninsured (Medi-Cal / county indigent care)
  • Mixed-immigration-status families
  • PACE program seniors (frail elderly)

For this population, SSN exposure carries additional risks beyond standard identity theft:

  • Mixed-status families may face immigration-enforcement exposure if SSN data is misused
  • Medi-Cal enrollment fraud (claims billed under your member ID) can disrupt your benefits eligibility
  • Many patients may not have credit monitoring or identity-theft response infrastructure already in place

Multiple plaintiffs’ firms have opened investigations.

What was stolen

Per AltaMed’s notice (officially confirmed):

  • Full name, home address
  • Social Security number
  • Dates of service
  • Payment information
  • Employee compensation details

Per The Lyon Firm’s plaintiff-side characterization (unconfirmed by AltaMed):

  • Date of birth, driver’s license / state ID, passport number
  • Medical records, insurance information, treatment details
  • COVID-19 vaccination status, prescriptions

The plaintiff-firm list is expansive in typical class-action style. Read your specific notification letter for the confirmed elements that apply to your case.

What AltaMed is offering

  • Incident response plan activated
  • Third-party cyber forensics engaged
  • Law enforcement notified
  • Additional technical safeguards implemented

Credit monitoring provider, duration, and dedicated call center number are not yet visible in publicly indexed sources. The California AG sample notice PDF likely contains these details — read your specific letter carefully.

What to do

  1. Read your specific notification letter to confirm what data elements were involved.
  2. Enroll in any offered credit monitoring through the activation code in your letter.
  3. Place free credit freezes at Equifax, Experian, TransUnion. Full SSN is in scope.
  4. File IRS Form 14039 (Identity Theft Affidavit).
  5. Cancel and reissue any payment cards that may be tied to AltaMed billing.
  6. If you are a Medi-Cal recipient, watch your Medi-Cal Notice of Action statements for unfamiliar claims and call DHCS Member Services if you see anything unauthorized.
  7. If you are in a mixed-status family, consider whether you need to take additional protective steps. Resources: ACLU SoCal, CHIRLA, NILC — these organizations can advise on mitigation specific to your situation.
  8. Stop the ongoing flow of your community health center data. HealthConsent files HIPAA restriction requests covering FQHC, Medicaid managed care, and prescription network pathways.

Continue reading

Stop your data from spreading further

Credit monitoring covers your wallet. HealthConsent covers your health records.

Your stolen diagnoses, test results, and medical record numbers don’t expire when the free credit-monitoring window ends. HealthConsent automates HIPAA restriction requests and opt-outs across providers, insurers, HIEs, and prescription networks so the data taken in this breach can’t keep being shared and sold by other entities downstream.

Protect my health data

Cancel anytime · Family plan covers spouses + dependents

About this page

This page is compiled from public regulatory filings, the breached entity’s own disclosures, and reporting from established healthcare-privacy outlets. Some sections are assembled with the help of automated research and may contain errors, summaries that lag the underlying source, or details that have since been revised. Treat it as a starting point, not legal advice or an authoritative record. If you spot something inaccurate, the linked sources above are the canonical record. For questions about your individual situation, contact the breached entity directly or consult a licensed attorney.