Altos Inc. Unsecured Internal Systems Exposes Social Security Numbers

On June 17, 2025, Altos Inc., a billing services provider for several healthcare practices in southern California, discovered that one of its internal systems containing sensitive personal and health information was exposed to the internet.

The company took steps to block access to the affected system and launched an investigation with the help of a cybersecurity firm. The investigation determined that an unauthorized third party had gained access to the system and may have removed data from it.

After a review, Altos concluded on July 21, 2025, that personal and health information of individuals served by its healthcare provider clients may have been compromised. The breach affected an undisclosed number of people whose data was processed by Altos Inc. for medical billing, transcription and related services.

According to the California Attorney General's, the information exposed includes name, address, date of birth, Social Security number (PII), and health information (PHI). This combination of sensitive data can be used for identity theft and medical fraud, which increases the severity of the incident.

Altos also disclosed the data breach to the Massachusetts Attorney General's office on Aug. 1, 2025. The cybersecurity incident was reported to the U.S. Department of Health and Human Services on Aug. 11, 2025, reporting at least 6,414 individuals impacted.

Altos' response

Altos is offering complimentary credit monitoring and identity theft protection services through Epiq Privacy Solutions ID for those affected by the breach.

This service includes credit monitoring, credit report and score access, $1 million in identity theft insurance, ID restoration assistance, and dark web monitoring. Affected individuals are encouraged to enroll in these services using the instructions provided in the notice sent by the company.