AltaMed Data Breach Exposes SSNs and Protected Health Info

On August 5 through August 9, 2024, AltaMed Health Services Corporation experienced a major data breach that compromised sensitive information belonging to its patients and members. According to a disclosure filed with the California Attorney General’s office, the breach involved unauthorized access to a wide range of personally identifiable information (PII) and protected health information (PHI).

The exposed data includes Social Security numbers, dates of birth, driver’s license or state identification numbers, passport numbers, foreign national ID numbers, personal email addresses, personal telephone numbers, medical record numbers, Medicare or Medicaid ID numbers, medical billing details, doctor or provider names, dates of service, payment information for health services, medical history, medical treatment details, mental or physical condition or diagnosis, procedure information, COVID-19 test results or vaccination status, prescription information, incidental health references, health insurance policy numbers, other health insurance information, handwritten signatures, genetic data, mother’s maiden name, and usernames and passwords.

The breach was officially disclosed to the California Attorney General on June 13, 2025. Additionally, a second update was made to the California Attorney General on February 2026.

For more details, you can review the visit the AltaMed data breach notification page.pdf).

The data breach was disclosed to the U.S. Department of Health and Human Services on June 13, 2025, reporting 4,530 individuals affected.

AltaMed Health Services Corporation's response

In response to the breach, AltaMed Health Services Corporation has taken steps to notify affected individuals and provide information about the incident. The company has posted a detailed notice on its website, outlining the types of information involved and offering guidance on how individuals can protect themselves.

Those affected are encouraged to remain vigilant by monitoring their financial accounts, reviewing medical records for unauthorized activity, and considering placing fraud alerts or credit freezes with major credit bureaus.

Given the sensitive nature of the exposed data—including Social Security numbers, medical and insurance information, and account credentials—affected individuals should be especially cautious about phishing attempts or suspicious communications. It is important to use strong, unique passwords for online accounts, enable two-factor authentication where possible, and report any unusual activity to the appropriate authorities.

To learn more about the organization, visit the AltaMed official website.