AltaMed Health Services Data Breach 2026: 501+ FQHC Patients Exposed Across Los Angeles Community Health Network. What To Do
AltaMed Health Services Corporation, California's largest community health center network serving nearly 300,000 Hispanic/Latino patients annually across 50 sites in LA and Orange County, disclosed a November 2025 network intrusion. Names, Social Security numbers, dates of service, payment information, and employee compensation data exposed. Multiple plaintiffs' firms investigating. Here is what to do.
You have options. Scroll for the exact action steps, what your provider’s response covers, and what your health data needs beyond credit monitoring.
Timeline
Nov 27, 2025
Unauthorized access begins (per California AG filing)
Dec 14, 2025
AltaMed detects unauthorized access; systems disrupted; incident response activated
Feb 12, 2026
Patient notification letters begin mailing; California AG filing (sb24-618676)
Feb 16, 2026
Public data breach notice published
Feb 16, 2026
Disclosed publicly
Feb 26, 2026
HHS OCR portal submission (501 placeholder; final count likely materially higher)
Nov 27, 2025
Unauthorized access begins (per California AG filing)
Dec 14, 2025
AltaMed detects unauthorized access; systems disrupted; incident response activated
Feb 12, 2026
Patient notification letters begin mailing; California AG filing (sb24-618676)
Feb 16, 2026
Public data breach notice published
Feb 16, 2026
Disclosed publicly
Feb 26, 2026
HHS OCR portal submission (501 placeholder; final count likely materially higher)
Data exposed
01
High-risk identity
Enables financial + identity theft
03
Contact & insurance
Phishing + targeted scams
Class actions filed by
These firms have publicly announced investigations. You may be eligible to join. We are not a law firm and cannot give legal advice.
Your action plan, in five steps.
You have more rights than the notification letter explains. Each step below is a concrete thing you can do today. Full detail and timing in the sections that follow.
01
Accept credit monitoring
It’s the floor of the response. Take it.
02
Freeze your credit
Free at Equifax, Experian, TransUnion.
03
File IRS Form 14039
Prevent fraudulent tax return under your SSN.
04
Review your EOBs
Insurance statements catch medical identity theft early.
05
Stop the ongoing flow
Credit monitoring doesn’t cover your health records. HealthConsent does.
What happened
AltaMed Health Services Corporation is California’s largest community health center / federally qualified health center (FQHC) network, headquartered in Los Angeles. AltaMed serves approximately 300,000 patients annually across ~50 sites in Los Angeles and Orange counties. Services include primary care, dental, PACE senior services, and behavioral health. AltaMed predominantly serves Hispanic/Latino communities in Southern California.
Between November 27, 2025 (per the California AG filing) and December 14, 2025, an unauthorized actor accessed AltaMed’s network. The breach was detected on December 14, 2025 when systems were disrupted and AltaMed activated its incident response plan. Care operations continued uninterrupted.
AltaMed mailed patient notification letters beginning February 12, 2026 and filed with the California AG the same day (sb24-618676). The public data breach notice was published on February 16, 2026. The HHS OCR filing followed on February 26, 2026 at the 501-individual reporting floor — likely a placeholder; the final count is expected to be materially higher.
HIPAA Journal grouped this incident with other 2026 ransomware attacks in its coverage, characterizing it as “typically associated with ransomware,” but no ransomware group has publicly claimed responsibility. No dark-web leak-site listing has been independently corroborated.
A vulnerable patient population
AltaMed serves a predominantly Hispanic/Latino, low-income, federally-subsidized patient population through its FQHC mission. Many AltaMed patients are:
- Medicaid recipients or uninsured (Medi-Cal / county indigent care)
- Mixed-immigration-status families
- PACE program seniors (frail elderly)
For this population, SSN exposure carries additional risks beyond standard identity theft:
- Mixed-status families may face immigration-enforcement exposure if SSN data is misused
- Medi-Cal enrollment fraud (claims billed under your member ID) can disrupt your benefits eligibility
- Many patients may not have credit monitoring or identity-theft response infrastructure already in place
Multiple plaintiffs’ firms have opened investigations.
What was stolen
Per AltaMed’s notice (officially confirmed):
- Full name, home address
- Social Security number
- Dates of service
- Payment information
- Employee compensation details
Per The Lyon Firm’s plaintiff-side characterization (unconfirmed by AltaMed):
- Date of birth, driver’s license / state ID, passport number
- Medical records, insurance information, treatment details
- COVID-19 vaccination status, prescriptions
The plaintiff-firm list is expansive in typical class-action style. Read your specific notification letter for the confirmed elements that apply to your case.
What AltaMed is offering
- Incident response plan activated
- Third-party cyber forensics engaged
- Law enforcement notified
- Additional technical safeguards implemented
Credit monitoring provider, duration, and dedicated call center number are not yet visible in publicly indexed sources. The California AG sample notice PDF likely contains these details — read your specific letter carefully.
What to do
- Read your specific notification letter to confirm what data elements were involved.
- Enroll in any offered credit monitoring through the activation code in your letter.
- Place free credit freezes at Equifax, Experian, TransUnion. Full SSN is in scope.
- File IRS Form 14039 (Identity Theft Affidavit).
- Cancel and reissue any payment cards that may be tied to AltaMed billing.
- If you are a Medi-Cal recipient, watch your Medi-Cal Notice of Action statements for unfamiliar claims and call DHCS Member Services if you see anything unauthorized.
- If you are in a mixed-status family, consider whether you need to take additional protective steps. Resources: ACLU SoCal, CHIRLA, NILC — these organizations can advise on mitigation specific to your situation.
- Stop the ongoing flow of your community health center data. HealthConsent files HIPAA restriction requests covering FQHC, Medicaid managed care, and prescription network pathways.
Continue reading
Credit monitoring covers your wallet. HealthConsent covers your health records.
Your stolen diagnoses, test results, and medical record numbers don’t expire when the free credit-monitoring window ends. HealthConsent automates HIPAA restriction requests and opt-outs across providers, insurers, HIEs, and prescription networks so the data taken in this breach can’t keep being shared and sold by other entities downstream.
Protect my health dataCancel anytime · Family plan covers spouses + dependents
Sources & further reading
- California AG: AltaMed Filing sb24-618676
- HIPAA Journal: February 2026 Healthcare Breach Report
- HIPAA Journal: Three Healthcare Providers Affected by Ransomware Attacks
- ClassAction.org: AltaMed February 2026
- Cole & Van Note: AltaMed Investigation
- Lynch Carpenter: AltaMed Investigation (GlobeNewswire)
- Migliaccio & Rathod: AltaMed Investigation
- The Lyon Firm: AltaMed Investigation
- HHS OCR Breach Portal
Official HHS OCR Breach Portal: ocrportal.hhs.gov
About this page
This page is compiled from public regulatory filings, the breached entity’s own disclosures, and reporting from established healthcare-privacy outlets. Some sections are assembled with the help of automated research and may contain errors, summaries that lag the underlying source, or details that have since been revised. Treat it as a starting point, not legal advice or an authoritative record. If you spot something inaccurate, the linked sources above are the canonical record. For questions about your individual situation, contact the breached entity directly or consult a licensed attorney.