Planned Parenthood Northern California Data Breach Exposes SSNs & Medical Info

On Dec. 10, 2025, Planned Parenthood Northern California (PPNorCal) learned from its business associate OCHIN about a significant cybersecurity incident involving OCHIN’s subcontractor, Trizetto Provider Solutions (TPS). This breach affected TPS’s information systems, which store patient insurance eligibility and related data.

According to the investigation, unauthorized access to these systems began in Nov. 2024 and continued until Oct. 2, 2025. The breach was not discovered until months after the initial compromise, raising concerns about the scope and duration of exposure. While the exact number of affected patients has not been specified, PPNorCal serves approximately 90,000 patients annually, suggesting a potentially large impact.

The data compromised in the TPS data security incident included both personally identifiable information (PII) and protected health information (PHI), including name, date of birth, Social Security number, health insurance member number (which, for some, is a Medicare beneficiary identifier), health insurer name, dependent information, demographic information and health insurance information.

The breach was officially disclosed to the California Attorney General’s office on Dec. 30, 2025. Impacted individuals have been notified by mail.

Planned Parenthood Northern California's response

In response to the breach, PPNorCal has worked closely with OCHIN and TPS to secure affected systems and investigate the incident with the support of independent cybersecurity experts. Law enforcement was also notified. The organizations have taken steps to strengthen safeguards and prevent future breaches.

To support those affected, TPS is offering complimentary single-bureau credit monitoring, credit report and credit score services. Impacted individuals will receive instructions on how to enroll in these services, with enrollment information expected in early Feb. 2026.

Since the breach involved sensitive PII and PHI, PPNorCal recommends that patients:

• Monitor credit, financial and health insurance accounts for suspicious activity
• Request a free credit report from Equifax, Experian and TransUnion
• Consider placing a fraud alert or credit freeze with the credit bureaus if misuse is suspected

A dedicated call center for affected individuals is expected to be operational by Feb. 9, 2026. In the meantime, patients can contact PPNorCal’s Privacy Officer at privacy.officer@ppnorcal.org or by phone at 925-676-0505.