Altior Healthcare, LLC Data Breach 2025: 1,002 Affected · Email Phishing · CA Healthcare Provider. What To Do.
Altior Healthcare, LLC (CA) reported a HIPAA breach to HHS OCR affecting 1,002 individuals after a phishing attack gave intruders intermittent access to employee email accounts between July 14, 2024 and January 8, 2025. Notification letters were mailed on April 11, 2025. Exposed data may include name, date of birth, dates of service, provider name, and medication information.
You have options. Scroll for the exact action steps, what your provider’s response covers, and what your health data needs beyond credit monitoring.
Timeline
Jul 14, 2024
Beginning of the intermittent unauthorized-access window into Altior Healthcare employee email accounts, per the entity's substitute notice.
Dec 27, 2024
Altior Healthcare identifies suspicious activity within its email system and begins containment and forensic investigation.
Jan 8, 2025
End of the intermittent unauthorized-access window described in the entity's substitute notice.
Mar 14, 2025
Forensic review of impacted mailboxes is completed, confirming that the contents of the accounts may have been accessed or downloaded.
Apr 11, 2025
Altior Healthcare mails written notification letters to affected patients and posts a substitute notice on its website; the incident is reported to HHS OCR as affecting 1,002 individuals.
Apr 11, 2025
Disclosed publicly
Jul 14, 2024
Beginning of the intermittent unauthorized-access window into Altior Healthcare employee email accounts, per the entity's substitute notice.
Dec 27, 2024
Altior Healthcare identifies suspicious activity within its email system and begins containment and forensic investigation.
Jan 8, 2025
End of the intermittent unauthorized-access window described in the entity's substitute notice.
Mar 14, 2025
Forensic review of impacted mailboxes is completed, confirming that the contents of the accounts may have been accessed or downloaded.
Apr 11, 2025
Altior Healthcare mails written notification letters to affected patients and posts a substitute notice on its website; the incident is reported to HHS OCR as affecting 1,002 individuals.
Apr 11, 2025
Disclosed publicly
Data exposed
01
High-risk identity
Enables financial + identity theft
02
Health records
Don't expire and can't be reissued
03
Contact & insurance
Phishing + targeted scams
Your action plan, in five steps.
You have more rights than the notification letter explains. Each step below is a concrete thing you can do today. Full detail and timing in the sections that follow.
01
Accept credit monitoring
It’s the floor of the response. Take it.
02
Freeze your credit
Free at Equifax, Experian, TransUnion.
03
File IRS Form 14039
Prevent fraudulent tax return under your SSN.
04
Review your EOBs
Insurance statements catch medical identity theft early.
05
Stop the ongoing flow
Credit monitoring doesn’t cover your health records. HealthConsent does.
Altior Healthcare, LLC, a Los Angeles–based healthcare provider, reported a HIPAA breach to the U.S. Department of Health and Human Services Office for Civil Rights affecting 1,002 individuals after a phishing attack gave outside intruders intermittent access to employee email accounts between July 14, 2024 and January 8, 2025. The company detected the unauthorized activity on December 27, 2024, completed a forensic review of the impacted mailboxes by March 14, 2025, and mailed written notification letters to affected patients on April 11, 2025. Altior states the intrusion was limited to employee email accounts and did not reach its electronic medical-records systems.
Timeline
- July 14, 2024 — Start of the intermittent unauthorized-access window into employee email accounts described in Altior’s substitute notice.
- December 27, 2024 — Altior identifies suspicious activity within its email system and begins containment and forensic investigation.
- January 8, 2025 — End of the intermittent unauthorized-access window.
- March 14, 2025 — Forensic review of impacted mailboxes is completed; the investigation concludes that the contents of the affected accounts may have been viewed or downloaded.
- April 11, 2025 — Altior Healthcare mails written notification letters to affected patients, posts a substitute notice on its website, and reports the incident to HHS OCR as affecting 1,002 individuals.
The OCR portal classifies the event as a Hacking/IT Incident at Email at a Healthcare Provider in California. Altior’s own description of the root cause is more specific: employees responded to phishing emails, which gave the attacker access to their mailboxes.
What was exposed
Per Altior Healthcare’s substitute notice and the HIPAA Journal report, the information potentially involved varies by individual and may include:
- Name.
- Date of birth.
- Dates of service.
- Provider name.
- Medication information.
- Other information related to care.
Altior states that “only employee email accounts were involved in the incident, not our medical records systems.” Social Security numbers, financial-account numbers, and driver’s-license numbers are not listed in the entity’s public notice as having been involved. Your individual notification letter, if you received one, is the authoritative list of which specific data elements were exposed for you.
What Altior is offering
Altior Healthcare has set up a dedicated toll-free call center to answer questions about the incident: (855) 549-2708, Monday through Friday, 9:00 a.m. to 9:00 p.m. Eastern. The company’s main line is (310) 304-0015 and its general contact email is [email protected]. Altior’s public notice does not advertise complimentary credit-monitoring or identity-theft-protection enrollment; affected individuals should check their own notification letter for any enrollment instructions specific to them.
Class-action posture
No class-action complaint over the Altior Healthcare email-account breach has been confirmed in the public record at the time of this writing, and there is no known settlement. Plaintiff-side firms periodically open investigations into provider-side email breaches in this size range; we will update this page if a complaint is filed or consolidated.
What to do
- Read the letter carefully. It will identify which data elements were exposed for you specifically and how to reach the dedicated call center.
- Review healthcare statements. Because dates of service, provider names, and medication information were involved, scrutinize Explanation of Benefits statements and any pharmacy or provider billing records for services, prescriptions, or providers you do not recognize, and flag anything unfamiliar with your insurer or pharmacy.
- Watch for targeted phishing. A breach of this kind gives the attacker context (your provider’s name, what you were treated for, when) that can make follow-on phishing or vishing calls feel highly credible. Verify any inbound contact claiming to be from Altior through the toll-free number printed on the letter or the main line above, not through email or text links.
- Freeze your credit with Equifax, Experian, and TransUnion as a precaution. It is free, takes about ten minutes per bureau, and does not interfere with your existing accounts.
- Rotate passwords and turn on multi-factor authentication on your email, patient-portal, and pharmacy accounts.
- Bookmark this page. We update it as additional state attorney general filings, trade press, or court filings become available.
Sources
- HHS Office for Civil Rights Breach Portal — federal regulatory record: Altior Healthcare, LLC, California, Healthcare Provider, 1,002 affected, Hacking/IT Incident at Email.
- Altior Healthcare — Notice of Data Breach Incident — the entity’s own substitute notice: intermittent unauthorized email access July 14, 2024 to January 8, 2025; forensic review completed March 14, 2025; notification letters mailed April 11, 2025; dedicated call center (855) 549-2708.
- HIPAA Journal — Email Accounts Breached at San Francisco Campus for Jewish Living & Altior Healthcare — trade-press summary confirming 1,002 individuals affected, phishing root cause, and the categories of patient information potentially involved.
- MedhaCloud — Altior Healthcare, LLC Data Breach: 1,002 Patients Affected — additional corroborating summary of the OCR filing and the detection-to-disclosure timeline (detected December 27, 2024; review completed March 15, 2025).
Credit monitoring covers your wallet. HealthConsent covers your health records.
Your stolen diagnoses, test results, and medical record numbers don’t expire when the free credit-monitoring window ends. HealthConsent automates HIPAA restriction requests and opt-outs across providers, insurers, HIEs, and prescription networks so the data taken in this breach can’t keep being shared and sold by other entities downstream.
Protect my health dataCancel anytime · Family plan covers spouses + dependents
Sources & further reading
- HHS Office for Civil Rights Breach Portal
- Altior Healthcare — Notice of Data Breach Incident
- HIPAA Journal — Email Accounts Breached at San Francisco Campus for Jewish Living & Altior Healthcare
- MedhaCloud — Altior Healthcare, LLC Data Breach: 1,002 Patients Affected
Official HHS OCR Breach Portal: ocrportal.hhs.gov
About this page
This page is compiled from public regulatory filings, the breached entity’s own disclosures, and reporting from established healthcare-privacy outlets. Some sections are assembled with the help of automated research and may contain errors, summaries that lag the underlying source, or details that have since been revised. Treat it as a starting point, not legal advice or an authoritative record. If you spot something inaccurate, the linked sources above are the canonical record. For questions about your individual situation, contact the breached entity directly or consult a licensed attorney.