Pulse Urgent Care Discloses Data Breach Exposing Patients' Protected Health Info

Northern California-based, Pulse Urgent Care Center, experienced a data breach earlier this year that impacted sensitive patient information. On March 24, 2025, the organization discovered suspicious activity within its network, which was later confirmed to be a ransomware attack orchestrated by the MEDUSA group.

The attackers gained unauthorized access to Pulse Urgent Care Center’s systems and deployed malicious software, compromising the security of the network and data.

The breach was severe in both scope and method. MEDUSA, a well-known ransomware group, claimed responsibility for the attack, stating on their dark web portal that they had obtained approximately 60.70 GB of data from the organization. They threatened to publish the data within eight to nine days and provided sample screenshots as evidence of their access.

According to the notice to consumers posted on Pulse Urgent Care Center’s website, an investigation was conducted with the help of a leading cybersecurity and forensic firm revealed that the compromised data included both personally identifiable information (PII) and protected health information (PHI).

The exposed information may include patient names, dates of birth, home addresses, phone numbers, and treatment details such as dates of treatment, reasons for treatment, diagnoses, and other similar medical information. As of this writing, there is no evidence that the stolen information has been misused, but the risk remains given the nature of the breach and the threat to publish the data on the dark web.

Pulse Urgent Care Center’s response

Pulse Urgent Care Center is conducting a comprehensive review to determine exactly which individuals and what information were affected. The company has committed to notifying impacted patients directly as soon as this review is complete. In the meantime, they have advised all patients to monitor their accounts for suspicious activity, including reviewing any explanation of benefits statements for signs of unauthorized use.

For those seeking more information or assistance, Pulse Urgent Care Center has set up a dedicated phone line at 530-722-1111, available Monday through Friday from 8:30 a.m. to 4:30 p.m. PT.

Given the severity of the breach, it is important for affected individuals to remain vigilant. Patients should consider placing fraud alerts on their credit reports, monitoring their medical records for inaccuracies, and being cautious of any unsolicited communications referencing their medical care.