AltaMed Health Services Corporation Data Breach 2025: 4,530 Affected · Unauthorized Access/Disclosure · CA. Filed With HHS OCR. What To Do.
AltaMed Health Services Corporation (CA) filed a HIPAA breach notification with the HHS Office for Civil Rights on June 13, 2025, reporting 4,530 affected individuals in a Unauthorized Access/Disclosure event at Email. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclo...
You have options. Scroll for the exact action steps, what your provider’s response covers, and what your health data needs beyond credit monitoring.
Timeline
Aug 5, 2024
Unauthorized actor begins accessing employee email account
Aug 9, 2024
AltaMed detects suspicious email activity; access terminated
Apr 16, 2025
Forensic review of impacted mailbox contents finalized
Jun 13, 2025
HHS OCR breach notification filed (4,530 individuals)
Jun 13, 2025
Individual notification letters mailed; substitute notice posted
Dec 14, 2025
Separate cybersecurity incident impacts AltaMed systems
Feb 12, 2026
Patients and employees notified of December 2025 incident
Feb 16, 2026
Plaintiffs' firms open investigations into December 2025 incident
Aug 5, 2024
Unauthorized actor begins accessing employee email account
Aug 9, 2024
AltaMed detects suspicious email activity; access terminated
Apr 16, 2025
Forensic review of impacted mailbox contents finalized
Jun 13, 2025
HHS OCR breach notification filed (4,530 individuals)
Jun 13, 2025
Individual notification letters mailed; substitute notice posted
Dec 14, 2025
Separate cybersecurity incident impacts AltaMed systems
Feb 12, 2026
Patients and employees notified of December 2025 incident
Feb 16, 2026
Plaintiffs' firms open investigations into December 2025 incident
Data exposed
01
High-risk identity
Enables financial + identity theft
02
Health records
Don't expire and can't be reissued
03
Contact & insurance
Phishing + targeted scams
Your action plan, in five steps.
You have more rights than the notification letter explains. Each step below is a concrete thing you can do today. Full detail and timing in the sections that follow.
01
Accept credit monitoring
It’s the floor of the response. Take it.
02
Freeze your credit
Free at Equifax, Experian, TransUnion.
03
File IRS Form 14039
Prevent fraudulent tax return under your SSN.
04
Review your EOBs
Insurance statements catch medical identity theft early.
05
Stop the ongoing flow
Credit monitoring doesn’t cover your health records. HealthConsent does.
AltaMed Health Services Corporation, the nation’s largest federally qualified health center, disclosed two distinct cybersecurity incidents in the span of seven months. The first, an email account compromise that occurred between August 5 and August 9, 2024, was reported to the HHS Office for Civil Rights on June 13, 2025 as affecting 4,530 individuals. The second, a broader systems incident detected on December 14, 2025, triggered patient and employee notifications in February 2026 and remains under investigation. Plaintiffs’ firms are recruiting class members for both.
Timeline
- August 5–9, 2024 — An unauthorized individual accesses an AltaMed employee email account. AltaMed detects suspicious activity on August 9 and disconnects the account.
- August 9, 2024 – April 16, 2025 — Outside forensic specialists review the mailbox to identify whose information was exposed and locate current addresses.
- June 13, 2025 — AltaMed files breach notification with HHS OCR (4,530 individuals) and begins mailing letters and posting substitute notice.
- December 14, 2025 — A separate cybersecurity incident impacts AltaMed computer systems. AltaMed activates incident response and engages outside cybersecurity experts. Patient-facing language (“limited access to some of its computer systems”) is consistent with how organizations typically describe ransomware containment.
- February 12–16, 2026 — AltaMed begins notifying patients and employees of the December 2025 incident. Plaintiffs’ firms open public investigations.
Exposed information (June 2025 disclosure)
Per AltaMed’s substitute notice, the email account contained one or more of the following data elements for affected individuals: name, Social Security number, date of birth, driver’s license or state ID number, passport number, foreign national ID number, personal email and telephone, medical record number, Medicare or Medicaid ID, medical billing information, doctor or provider name, date of service, payment for health services, medical history and treatment information, mental or physical condition or diagnosis, procedure information, COVID test result or vaccination status, prescription information, health insurance policy number and other insurance information, handwritten signature, genetic data, mother’s maiden name, and username and password.
The December 2025 incident is reported by AltaMed and outside counsel to involve employee names, addresses, Social Security numbers, and compensation details, as well as patient names, dates of service, and payment information. The full scope is not yet finalized on the OCR portal.
Sensitive population: nation’s largest FQHC
AltaMed is not a typical clinic. Founded in 1969 and headquartered in Los Angeles, it operates more than 60 sites across Los Angeles and Orange Counties and serves 700,000 patients per year, with roughly 465,000 enrolled in Medi-Cal. Its patient population is predominantly Latino, Black, and AAPI Californians, and AltaMed is one of the largest providers of HIV care, behavioral health, and senior care (PACE) to low-income communities in Southern California.
That demographic profile changes the harm calculus. A Social Security number paired with a Medicaid ID, immigration-adjacent identifiers like a foreign national ID or passport number, and clinical context including HIV care or behavioral health treatment is a higher-stakes combination than a routine credential leak. Identity-theft mechanics are the same, but downstream exposure can extend to immigration, employment, and insurance-coverage risk for households that rely on the safety-net system.
What AltaMed is offering
AltaMed’s substitute notice does not include a complimentary identity-protection or credit-monitoring offer. The notice directs recipients to a toll-free inquiry line (1-800-939-4170, Monday–Friday, 6:00 AM – 6:00 PM Pacific) and provides general guidance on credit freezes, fraud alerts, and free annual credit reports.
Class-action posture
ClassAction.org, Strauss Borrelli PLLC, The Lyon Firm, Migliaccio & Rathod LLP, and other plaintiffs’ firms have publicly solicited affected individuals for potential class actions arising from both the June 2025 disclosure and the December 2025 incident. As of mid-2026, no consolidated complaint has reached public docketing on either matter that we have been able to corroborate, but solicitation is active across multiple firms.
What to do if you may be affected
- Freeze your credit at Equifax, Experian, and TransUnion. It is free, reversible, and the single highest-leverage step against identity theft. AltaMed’s notice includes the bureau contact details.
- Watch the mail for a notification letter from AltaMed. Two distinct letters may arrive if you are caught in both the June 2025 and December 2025 incidents. Each letter lists the specific data elements exposed for you and any offered remediation.
- If you received a username and password through an AltaMed portal, change it and rotate any reused credentials. Genetic data and clinical detail are not directly rotatable, but credentials are.
- If you are a Medi-Cal or Medicare beneficiary, review Explanation of Benefits statements and report any unfamiliar services to your plan and to the California Department of Health Care Services.
- Bookmark this page. We update it as the December 2025 OCR portal entry is finalized and as class-action complaints reach the public docket.
Sources on this page
- HHS Office for Civil Rights Breach Portal — the federal regulatory record of the June 2025 filing.
- AltaMed Notice of Data Breach (English) — AltaMed’s own substitute notice with the full exposed-data list.
- ClassAction.org — June 2025 investigation — solicitation page for the email account compromise.
- ClassAction.org — February 2026 investigation — solicitation page for the December 2025 incident.
- Strauss Borrelli PLLC — AltaMed investigation — independent law-firm summary of the August 2024 incident.
- The Lyon Firm — AltaMed data breach investigation — secondary law-firm summary covering both incidents.
- MedhaCloud — AltaMed HIPAA breach summary — trade summary confirming the 4,530-individual OCR figure.
Credit monitoring covers your wallet. HealthConsent covers your health records.
Your stolen diagnoses, test results, and medical record numbers don’t expire when the free credit-monitoring window ends. HealthConsent automates HIPAA restriction requests and opt-outs across providers, insurers, HIEs, and prescription networks so the data taken in this breach can’t keep being shared and sold by other entities downstream.
Protect my health dataCancel anytime · Family plan covers spouses + dependents
Sources & further reading
- HHS Office for Civil Rights Breach Portal
- AltaMed Notice of Data Breach (substitute notice, English)
- ClassAction.org — AltaMed June 2025 breach investigation
- ClassAction.org — AltaMed February 2026 notification
- Strauss Borrelli PLLC — AltaMed investigation
- The Lyon Firm — AltaMed data breach investigation
- MedhaCloud — AltaMed HIPAA breach summary
Official HHS OCR Breach Portal: ocrportal.hhs.gov
About this page
This page is compiled from public regulatory filings, the breached entity’s own disclosures, and reporting from established healthcare-privacy outlets. Some sections are assembled with the help of automated research and may contain errors, summaries that lag the underlying source, or details that have since been revised. Treat it as a starting point, not legal advice or an authoritative record. If you spot something inaccurate, the linked sources above are the canonical record. For questions about your individual situation, contact the breached entity directly or consult a licensed attorney.