Active breach tracker CA Disclosed June 13, 2025

AltaMed Health Services Corporation Data Breach 2025: 4,530 Affected · Unauthorized Access/Disclosure · CA. Filed With HHS OCR. What To Do.

AltaMed Health Services Corporation (CA) filed a HIPAA breach notification with the HHS Office for Civil Rights on June 13, 2025, reporting 4,530 affected individuals in a Unauthorized Access/Disclosure event at Email. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclo...

You have options. Scroll for the exact action steps, what your provider’s response covers, and what your health data needs beyond credit monitoring.

By HealthConsent Editorial Last updated Sources & methodology

Timeline

Aug 5, 2024

Unauthorized actor begins accessing employee email account

Aug 9, 2024

AltaMed detects suspicious email activity; access terminated

Apr 16, 2025

Forensic review of impacted mailbox contents finalized

Jun 13, 2025

HHS OCR breach notification filed (4,530 individuals)

Jun 13, 2025

Individual notification letters mailed; substitute notice posted

Dec 14, 2025

Separate cybersecurity incident impacts AltaMed systems

Feb 12, 2026

Patients and employees notified of December 2025 incident

Feb 16, 2026

Plaintiffs' firms open investigations into December 2025 incident

Data exposed

01

High-risk identity

Enables financial + identity theft

Social Security number Date of birth Driver's license or state ID number Passport number

02

Health records

Don't expire and can't be reissued

Medical record number Medical history, treatment, diagnoses, and procedure information COVID test result or vaccination status Prescription information

03

Contact & insurance

Phishing + targeted scams

Name Foreign national ID number Personal email and telephone Medicare or Medicaid ID Medical billing information Doctor or provider name and date of service Health insurance policy number and other insurance information Handwritten signature Genetic data Mother's maiden name Username and password
If you received a letter

Your action plan, in five steps.

You have more rights than the notification letter explains. Each step below is a concrete thing you can do today. Full detail and timing in the sections that follow.

01

Accept credit monitoring

It’s the floor of the response. Take it.

02

Freeze your credit

Free at Equifax, Experian, TransUnion.

03

File IRS Form 14039

Prevent fraudulent tax return under your SSN.

04

Review your EOBs

Insurance statements catch medical identity theft early.

05

Stop the ongoing flow

Credit monitoring doesn’t cover your health records. HealthConsent does.

Jump to step 5: protect my health data

AltaMed Health Services Corporation, the nation’s largest federally qualified health center, disclosed two distinct cybersecurity incidents in the span of seven months. The first, an email account compromise that occurred between August 5 and August 9, 2024, was reported to the HHS Office for Civil Rights on June 13, 2025 as affecting 4,530 individuals. The second, a broader systems incident detected on December 14, 2025, triggered patient and employee notifications in February 2026 and remains under investigation. Plaintiffs’ firms are recruiting class members for both.

Timeline

  • August 5–9, 2024 — An unauthorized individual accesses an AltaMed employee email account. AltaMed detects suspicious activity on August 9 and disconnects the account.
  • August 9, 2024 – April 16, 2025 — Outside forensic specialists review the mailbox to identify whose information was exposed and locate current addresses.
  • June 13, 2025 — AltaMed files breach notification with HHS OCR (4,530 individuals) and begins mailing letters and posting substitute notice.
  • December 14, 2025 — A separate cybersecurity incident impacts AltaMed computer systems. AltaMed activates incident response and engages outside cybersecurity experts. Patient-facing language (“limited access to some of its computer systems”) is consistent with how organizations typically describe ransomware containment.
  • February 12–16, 2026 — AltaMed begins notifying patients and employees of the December 2025 incident. Plaintiffs’ firms open public investigations.

Exposed information (June 2025 disclosure)

Per AltaMed’s substitute notice, the email account contained one or more of the following data elements for affected individuals: name, Social Security number, date of birth, driver’s license or state ID number, passport number, foreign national ID number, personal email and telephone, medical record number, Medicare or Medicaid ID, medical billing information, doctor or provider name, date of service, payment for health services, medical history and treatment information, mental or physical condition or diagnosis, procedure information, COVID test result or vaccination status, prescription information, health insurance policy number and other insurance information, handwritten signature, genetic data, mother’s maiden name, and username and password.

The December 2025 incident is reported by AltaMed and outside counsel to involve employee names, addresses, Social Security numbers, and compensation details, as well as patient names, dates of service, and payment information. The full scope is not yet finalized on the OCR portal.

Sensitive population: nation’s largest FQHC

AltaMed is not a typical clinic. Founded in 1969 and headquartered in Los Angeles, it operates more than 60 sites across Los Angeles and Orange Counties and serves 700,000 patients per year, with roughly 465,000 enrolled in Medi-Cal. Its patient population is predominantly Latino, Black, and AAPI Californians, and AltaMed is one of the largest providers of HIV care, behavioral health, and senior care (PACE) to low-income communities in Southern California.

That demographic profile changes the harm calculus. A Social Security number paired with a Medicaid ID, immigration-adjacent identifiers like a foreign national ID or passport number, and clinical context including HIV care or behavioral health treatment is a higher-stakes combination than a routine credential leak. Identity-theft mechanics are the same, but downstream exposure can extend to immigration, employment, and insurance-coverage risk for households that rely on the safety-net system.

What AltaMed is offering

AltaMed’s substitute notice does not include a complimentary identity-protection or credit-monitoring offer. The notice directs recipients to a toll-free inquiry line (1-800-939-4170, Monday–Friday, 6:00 AM – 6:00 PM Pacific) and provides general guidance on credit freezes, fraud alerts, and free annual credit reports.

Class-action posture

ClassAction.org, Strauss Borrelli PLLC, The Lyon Firm, Migliaccio & Rathod LLP, and other plaintiffs’ firms have publicly solicited affected individuals for potential class actions arising from both the June 2025 disclosure and the December 2025 incident. As of mid-2026, no consolidated complaint has reached public docketing on either matter that we have been able to corroborate, but solicitation is active across multiple firms.

What to do if you may be affected

  • Freeze your credit at Equifax, Experian, and TransUnion. It is free, reversible, and the single highest-leverage step against identity theft. AltaMed’s notice includes the bureau contact details.
  • Watch the mail for a notification letter from AltaMed. Two distinct letters may arrive if you are caught in both the June 2025 and December 2025 incidents. Each letter lists the specific data elements exposed for you and any offered remediation.
  • If you received a username and password through an AltaMed portal, change it and rotate any reused credentials. Genetic data and clinical detail are not directly rotatable, but credentials are.
  • If you are a Medi-Cal or Medicare beneficiary, review Explanation of Benefits statements and report any unfamiliar services to your plan and to the California Department of Health Care Services.
  • Bookmark this page. We update it as the December 2025 OCR portal entry is finalized and as class-action complaints reach the public docket.

Sources on this page

Stop your data from spreading further

Credit monitoring covers your wallet. HealthConsent covers your health records.

Your stolen diagnoses, test results, and medical record numbers don’t expire when the free credit-monitoring window ends. HealthConsent automates HIPAA restriction requests and opt-outs across providers, insurers, HIEs, and prescription networks so the data taken in this breach can’t keep being shared and sold by other entities downstream.

Protect my health data

Cancel anytime · Family plan covers spouses + dependents

About this page

This page is compiled from public regulatory filings, the breached entity’s own disclosures, and reporting from established healthcare-privacy outlets. Some sections are assembled with the help of automated research and may contain errors, summaries that lag the underlying source, or details that have since been revised. Treat it as a starting point, not legal advice or an authoritative record. If you spot something inaccurate, the linked sources above are the canonical record. For questions about your individual situation, contact the breached entity directly or consult a licensed attorney.