Imperial Beach Clinic Discloses Data Breach to California Residents

San Diego based Imperial Beach Community Clinic recently experienced a data breach that may impact patients and staff. According to a disclosure filed with the California Attorney General on Jan. 6, 2026, the incident involved unauthorized access to the clinic’s email environment, with the potential copying of sensitive information.

The data breach at Imperial Beach Community Clinic (“IB Clinic”) occurred over an extended period, beginning on Feb. 4, 2025, and continuing until May 2, 2025. On April 15, 2025, the clinic detected unusual activity within its email systems. Upon this discovery, the clinic immediately launched an internal investigation and engaged legal counsel as well as third-party forensics specialists to determine the scope and impact of the incident.

The investigation revealed that an unauthorized individual may have accessed and copied certain information from the clinic’s email environment during the breach window. The review to identify what specific information was affected and which individuals were impacted concluded on Dec. 30, 2025.

At this time, IB Clinic has not publicly specified the exact types of consumer data exposed.

IB Clinic's response

Following the discovery of the breach, IB Clinic took immediate steps to secure its systems and prevent further unauthorized access. The clinic retained cybersecurity experts to investigate the incident and identify the full extent of the data exposure. Out of an abundance of caution, IB Clinic is notifying all potentially affected individuals, even though there is no evidence so far of actual or attempted misuse of the information.

To support those affected, the clinic is offering complimentary services including:

• Single Bureau Credit Monitoring
• Single Bureau Credit Report
• Single Bureau Credit Score services for 12 months from the date of enrollment

These services are provided through Cyberscout, a TransUnion company specializing in fraud assistance and remediation. Impacted individuals must enroll within 90 days of receiving the notification letter to take advantage of these services. In addition, the clinic has provided guidance on steps individuals can take to protect themselves, such as monitoring credit reports, placing fraud alerts or security freezes, and contacting financial institutions as needed.

Those with questions or concerns are encouraged to call the dedicated assistance line at 833-543-5741, Monday through Friday, 8 a.m. to 8 p.m. Eastern Time, excluding major U.S. holidays.