Community Health Systems Data Breach: PHI and PII Exposed

Community Health Systems Inc., a Southern California healthcare provider with six clinic locations in San Bernardino, Riverside and San Diego counties, disclosed a data breach.

Around Feb. 28, 2026, Community Health Systems was alerted to unusual activity on its computer. The organization began an investigation into the nature and scope of the event with the assistance of third-party cybersecurity specialists.

Through the investigation, the company identified potential unauthorized access to certain data stored on its network. Community Health Systems then initiated a comprehensive review of the data to determine what information was involved.

The personally identifiable information potentially compromised includes names, addresses, email addresses, phone numbers, dates of birth, Social Security numbers, financial account information and driver's license or state ID numbers.

The protected health information that may have been accessed includes treatment or diagnosis information, prescription information, dates of service, provider names, medical record numbers, patient ID numbers, Medicare or Medicaid ID numbers, health insurance information and medical billing or claims information.

The total number of people affected by the breach has not been publicly disclosed, and the company's ongoing review may reveal additional details about the scope of the incident. The company disclosed the incident publicly via PR Newswire on April 29, 2026

Community Health Systems' response to the breach

Community Health Systems encouraged individuals to remain vigilant against incidents of identity theft and fraud. The company recommended that people closely monitor their accounts for suspicious activity or errors.

At this time, the company has not announced free credit monitoring or identity protection services for those who may have been affected. Because the breach potentially involves Social Security numbers, financial account details and sensitive medical records, individuals may want to take proactive steps on their own to safeguard their information.

Individuals with questions about the incident can contact Community Health Systems Inc. by phone at 951-571-2300.

They can also reach the company by mail at 7880 Mission Grove Parkway South, Riverside, CA 92508.

Steps to take if your information was exposed

• Place a fraud alert or credit freeze with the three major credit reporting agencies: TransUnion at 1-800-680-7289, Experian at 1-888-397-3742 and Equifax at 1-888-298-0045.
• Request free credit reports at AnnualCreditReport.com and review them carefully for any unfamiliar accounts, unauthorized inquiries or other signs of potential misuse.
• Monitor bank and financial account statements closely for unauthorized charges, new accounts opened without permission or unexpected withdrawals, as financial account information may have been among the data exposed in this breach.
• Review Explanation of Benefits statements from health insurers for any medical services, prescriptions or equipment that were not received, since protected health information was potentially compromised.
• Be cautious of phishing attempts that reference Community Health Systems Inc. or this data breach by name, because scammers may use stolen personal or medical details to craft convincing emails, phone calls or text messages.
• Report suspected identity theft to the Federal Trade Commission at identitytheft.gov or by calling 1-877-438-4338 for step-by-step guidance on protecting personal information and beginning the recovery process.