Gardner Health Data Breach Affects 26,000 Patients

Gardner Health Services, a non-profit healthcare provider serving Santa Clara and San Mateo counties in California, recently experienced a significant data breach affecting approximately 26,000 individuals in the United States. Although the exact types of data compromised have not been detailed in public disclosures, ransomware incidents involving healthcare providers typically expose a combination of personally identifiable information (PII) and protected health information (PHI).

According to reports filed with both the California Attorney General’s office and the U.S. Department of Health and Human Services, the breach was disclosed to authorities on Dec. 23, 2025, and April 1, 2025, respectively. While the specific dates of the breach were not provided, the scale and nature of the attack have raised concerns among patients and the broader community.

The breach was the result of a ransomware attack carried out by the CL0P ransomware group, which claimed responsibility for infiltrating the organization’s database and posting about the incident on the Tor network.

The attackers reportedly accessed and exfiltrated sensitive information from Gardner Health Services’ systems. This can include names, addresses, dates of birth, medical records, treatment information, insurance details and potentially Social Security numbers. The CL0P group’s claim of obtaining the organization’s database further suggests that a wide range of patient and possibly employee data may have been impacted.

The company disclosed the breach to the U.S. Department of Health and Human Services on April 1, 2025 and the California Attorney General on Dec. 23, 2025. Impacted individuals have been notified by mail.

Gardner Health Services' response

Following the discovery of the ransomware attack, Gardner Health Services took steps to notify regulatory authorities and begin the process of informing affected individuals. While the public disclosures do not detail every action taken, organizations facing similar breaches typically engage cybersecurity experts to investigate the incident, secure their systems and assess the extent of the compromise.

Those who may have been affected by this breach should remain vigilant for signs of identity theft or fraud. It is recommended to monitor financial accounts, review medical statements for unfamiliar activity and consider placing fraud alerts or credit freezes with major credit bureaus. Affected individuals may also wish to request copies of their medical records to ensure their accuracy and report any discrepancies to their healthcare provider.

Gardner Health Services may offer additional support or resources to those impacted, such as credit monitoring or identity protection services. Individuals should watch for official communications from the organization and follow any instructions provided.