PIH Health Discloses Data Breach Following Ransomware Attack

PIH Health experienced a major data breach that affected its digital environment between Nov. 14, 2024, and Dec. 2, 2024. The incident first came to light on Dec. 1, 2024, when the company discovered unusual activity within a portion of its network.

Immediate steps were taken to secure the network, and a thorough investigation was launched with the support of third-party cybersecurity specialists.

The investigation revealed that an unauthorized actor accessed certain files containing personal information. The review process was extensive and required careful examination of all potentially affected data to determine the scope and impact. By Dec. 16, 2025, PIH Health confirmed that personal information was present in the compromised files. The process of identifying affected individuals and gathering contact information was completed by Feb. 25, 2026.

The breach was publicly disclosed to the California Attorney General on Feb. 27, 2026. According to the disclosure he incident affected individuals across multiple states, including at least 174 Rhode Island residents.

Notably, on Dec. 13, 2024, a threat actor known as Dreamer2000 claimed responsibility for the data leak and posted about it on an open web forum, indicating that the breach was the result of a targeted data leak attack.

PIH Health's response

To help protect those impacted, PIH Health is offering complimentary identity protection services through Experian IdentityWorks. Affected individuals are eligible for a free membership for a specified period, which includes credit monitoring, identity restoration support, and up to $1 million in identity theft insurance. Enrollment instructions and activation codes were provided in the notification letters sent to individuals whose information was exposed.

PIH Health has also implemented additional security measures to help prevent similar incidents in the future. While there is currently no evidence of misuse or attempted misuse of the exposed information, the company encourages affected individuals to remain vigilant by monitoring their account statements and credit reports. Steps such as placing a fraud alert or security freeze on credit files, as well as obtaining an IRS Identity Protection PIN, are recommended for additional protection.

Individuals with questions or concerns can contact Experian’s customer care team for support and guidance on identity restoration and credit monitoring.