Harbor Regional Center Data Breach Exposes PHI & PII

On Sept. 2, 2025, Harbor Regional Center discovered potential unauthorized access to an employee email account, raising concerns about the security of sensitive client information. By Sept. 29, 2025, the investigation confirmed that a limited amount of protected health information (PHI) and personally identifiable information (PII) may have been accessed.

According to the notification of data security incident posted on the center's website, the exposed information may include names, addresses, dates of birth, Social Security numbers, medical information, patient IDs or account numbers, Medicare or Medicaid numbers, health insurance details, medical diagnoses and treatment information, medical history, prescription information, medical lab or test results, treatment locations, treatment dates and provider names.

The specific information affected varies for each individual; for some, only one type of data may have been involved, while for others, multiple types were potentially exposed. The exposure of PII and PHI puts individuals at risk of identity theft and medical fraud.

The breach was limited to a single employee email account, but the data within that account could be extensive given Harbor Regional Center’s role in coordinating care for thousands of individuals with developmental disabilities in Los Angeles County. The identity of the responsible party remains unknown.

Harbor Regional Center's response

In response to the breach, Harbor Regional Center took immediate steps to secure the affected email account by resetting its password. The organization brought in outside forensic experts to conduct a thorough investigation and determine what information was at risk. Harbor Regional Center is offering complimentary credit monitoring services to those whose information may have been compromised.

Harbor Regional Center began notifying affected individuals by U.S. mail to their most recent address on file.

If you receive notification from Harbor Regional Center or your provider about this breach, you may want to:

• Sign up for the free identity theft protection services offered by Harbor Regional Center.
• Monitor your credit reports and financial accounts for any unusual activity.
• Be alert for phishing emails or phone calls that may use your exposed information.
• Consider placing a fraud alert or credit freeze with major credit bureaus.

HRC has established a dedicated hotline at 833-647-1407 and a privacy email address at Privacy.Records@harborrc.org for questions or concerns.