Centric Health Data Breach 2025: 6,855 Affected · Hacking/IT Incident · CA. Filed With HHS OCR. What To Do.
Centric Health, a multi-specialty healthcare provider in Bakersfield, California, filed a HIPAA breach notification with the HHS Office for Civil Rights on December 10, 2025, reporting 6,855 individuals affected in a Hacking/IT Incident involving an Electronic Medical Record and Network Server. A business associate was involved.
You have options. Scroll for the exact action steps, what your provider’s response covers, and what your health data needs beyond credit monitoring.
Timeline
Dec 10, 2025
Centric Health filed a Hacking/IT Incident breach report with HHS Office for Civil Rights covering 6,855 individuals; a business associate was identified as involved.
Feb 5, 2026
Plaintiff firm Strauss Borrelli PLLC announced a class-action investigation referencing the HHS filing.
Dec 10, 2025
Centric Health filed a Hacking/IT Incident breach report with HHS Office for Civil Rights covering 6,855 individuals; a business associate was identified as involved.
Feb 5, 2026
Plaintiff firm Strauss Borrelli PLLC announced a class-action investigation referencing the HHS filing.
Data exposed
01
High-risk identity
Enables financial + identity theft
02
Health records
Don't expire and can't be reissued
Your action plan, in five steps.
You have more rights than the notification letter explains. Each step below is a concrete thing you can do today. Full detail and timing in the sections that follow.
01
Accept credit monitoring
It’s the floor of the response. Take it.
02
Freeze your credit
Free at Equifax, Experian, TransUnion.
03
File IRS Form 14039
Prevent fraudulent tax return under your SSN.
04
Review your EOBs
Insurance statements catch medical identity theft early.
05
Stop the ongoing flow
Credit monitoring doesn’t cover your health records. HealthConsent does.
Centric Health, a multi-specialty healthcare provider headquartered in Bakersfield, California, filed a HIPAA breach notification with the U.S. Department of Health and Human Services Office for Civil Rights on December 10, 2025, reporting 6,855 affected individuals. OCR classified the event as a Hacking/IT Incident involving an Electronic Medical Record and Network Server, with a business associate identified as involved in the underlying incident.
Centric Health has not, as of this update, posted a substitute notice on its public website, and the entity has not been listed in the California Attorney General’s published sample-notice index. Specific exposed data elements, the unauthorized-access window, attacker attribution, and any complimentary credit monitoring have therefore not been confirmed by the entity itself. The information below reflects the federal regulatory record plus secondary coverage; we will update each section as the entity’s own letter, a state AG sample notice, or court filings become available.
Timeline
- December 10, 2025 — Centric Health filed a Hacking/IT Incident breach report with HHS OCR covering 6,855 individuals.
- February 5, 2026 — Plaintiff firm Strauss Borrelli PLLC publicly announced a class-action investigation tied to the HHS filing.
The dates of initial unauthorized access and internal discovery have not been disclosed in any publicly available source.
What was exposed
The OCR portal classifies the breached information as residing on an Electronic Medical Record and a Network Server, which under HHS taxonomy typically encompasses protected health information.
Centric Health has not yet itemized the specific data elements involved. Until the entity’s notification letter is published, treat the categories below as plausible but unconfirmed for this incident: names, dates of birth, addresses, Social Security numbers, medical and treatment information, and health-insurance details. We will replace this paragraph with the entity’s confirmed list once a substitute notice or sample notification letter is filed.
What Centric Health is offering affected individuals
No public substitute notice has been posted by Centric Health, and no credit-monitoring or identity-protection offering has been confirmed. If you receive an individual notification letter, it should specify any complimentary services and the enrollment deadline.
Class-action activity
Strauss Borrelli PLLC has publicly announced an investigation into the incident and is soliciting affected individuals. No filed class-action complaint or consolidated docket has been identified in public court records as of this update.
What to do if you may be affected
Until Centric Health publishes its substitute notice or your individual notification letter arrives, the protective steps to take are generic but useful:
- Freeze your credit with the three nationwide consumer reporting agencies. It is free, takes about ten minutes per bureau, and is the single highest-leverage step against identity theft.
- Watch for a notification letter at the address on file with Centric Health. Notification letters typically follow the OCR filing by a few weeks to a few months. Read it carefully. It will list the specific data elements exposed and any complimentary credit-monitoring offered.
- Be cautious of unsolicited contact referencing this breach. Plaintiff-firm and “claim depot” sites are not the entity itself and cannot enroll you in credit monitoring.
- Bookmark this page. We update it as new information becomes publicly available.
Sources on this page
- HHS Office for Civil Rights Breach Portal — the federal regulatory record of this breach.
- Strauss Borrelli PLLC — Centric Health Data Breach Investigation — plaintiff-firm announcement referencing the HHS filing.
- ClaimDepot — Centric Health Data Breach Impacts 6,855 Patients — secondary aggregator summary of the HHS filing.
- Centric Health (entity website) — entity homepage; no public substitute notice posted as of this update.
Credit monitoring covers your wallet. HealthConsent covers your health records.
Your stolen diagnoses, test results, and medical record numbers don’t expire when the free credit-monitoring window ends. HealthConsent automates HIPAA restriction requests and opt-outs across providers, insurers, HIEs, and prescription networks so the data taken in this breach can’t keep being shared and sold by other entities downstream.
Protect my health dataCancel anytime · Family plan covers spouses + dependents
Sources & further reading
- HHS Office for Civil Rights Breach Portal
- Strauss Borrelli PLLC — Centric Health Data Breach Investigation
- ClaimDepot — Centric Health Data Breach Impacts 6,855 Patients
- Centric Health (entity website)
Official HHS OCR Breach Portal: ocrportal.hhs.gov
About this page
This page is compiled from public regulatory filings, the breached entity’s own disclosures, and reporting from established healthcare-privacy outlets. Some sections are assembled with the help of automated research and may contain errors, summaries that lag the underlying source, or details that have since been revised. Treat it as a starting point, not legal advice or an authoritative record. If you spot something inaccurate, the linked sources above are the canonical record. For questions about your individual situation, contact the breached entity directly or consult a licensed attorney.