Mission City Community Network Data Breach Exposes Protected Health Information

On June 6, 2025, Mission City Community Network (MCCN) discovered suspicious activity on their network, which led to the identification of a significant data security incident. According to the official notice, an unauthorized individual gained access to MCCN’s systems for a limited period. Forensic experts were immediately engaged to investigate, and it was determined that documents containing a limited amount of protected health information (PHI) may have been copied from the network during the incident.

Further complicating the situation, the SAFEPAY ransomware group claimed responsibility for the attack. On June 23, 2025, the group posted on a Tor-based dark web site, stating they had obtained 198 GB of data from MCCN.

The data breach was also disclosed to the California Attorney General on Oct. 24, 2025.

Mission City Community Network's response

In the immediate aftermath of the breach, MCCN took several steps to secure their network and limit further unauthorized access. They changed passwords and implemented additional security measures across their systems. The organization also launched a thorough investigation to determine which individuals were affected and what specific information was compromised.

MCCN began notifying affected individuals by mail on Oct. 24, 2025. The company is offering people involved in the cybersecurity incident free IDX credit monitoring and identity protection services.

Although there is no evidence at this time that the stolen information has been misused, MCCN encourages all potentially affected individuals to remain vigilant. Recommended actions include reviewing bank accounts and financial statements for suspicious activity and consulting the Federal Trade Commission’s resources on identity theft and online security.

Anyone with questions can contact MCCN’s dedicated toll-free support line at 833-353-4120, available Monday through Friday from 6 am to 6 pm PST. Additional information and the full notice can be found on the Mission City Community Network data security incident page.

Given the ransomware nature of the attack and the claim that nearly 200 GB of data was exfiltrated, individuals connected to MCCN should take these recommendations seriously, even if they have not yet received a notification letter.