Watsonville Hospital Data Breach Affects Entire Patient Database

Published
October 16, 2025
Updated
October 16, 2025
Watsonville Hospital Data Breach Affects Entire Patient Database
Watsonville Community Hospital
Types of INFORMATION affected
  • Names
    Names
  • Social security numbers
    Social Security Numbers
  • Dates of birth
    Dates of Birth
  • Addresses
    Addresses
  • Government IDs
    Government IDs
  • Medical Information
    Medical Info
  • Financial Info
    Financial Info

Affected by the

Watsonville Community Hospital

data breach?

Join the Lawsuit

It's free to join. 

Watsonville Community Hospital experienced a cyberattack. On Nov. 29, 2024, the hospital detected suspicious activity within its network. An investigation determined that an unauthorized actor gained access to the hospital systems between Nov. 25, 2024 and Nov. 30, 2024, and downloaded files containing sensitive information.

The ransomware group TERMITE claimed responsibility for the data breach and posted sample screenshots of the stolen data on their dark web portal, further substantiating their claims. Watsonville Community Hospital published a Notice of Data Privacy Incident on its website on Oct. 15, 2025.

Exposed information included names, addresses, medical record numbers, full or partial Social Security numbers, date of birth, tax ID numbers, driver’s license or government ID numbers, passport numbers, financial account information, payment card information, access credentials, birth certification, clinical or treatment information, medical procedure information, medical provider names, prescription information and health insurance information.

This data breach is considered severe, as ransomware attacks involve both system hacking and the risk of data being leaked or sold online. Watsonville Community Hospital began notifying affected individuals by mail on Oct. 15, 2025.

The cybersecurity incident was also disclosed to the California Attorney General's office on Oct. 16, 2025. The total number of individuals impacted by the breach has not been released but is believed to include thousands of patients.

Watsonville Community Hospital's response

The hospital responded to the cyberattack by restoring functionality to its IT network, engaged cybersecurity experts and notified federal law enforcement. In addition to required state and federal disclosures, the healthcare organization is offering impacted patients free IDX credit monitoring and identity protection services.

If you receive a notice from Watsonville Community Hospital about this breach, you may want to:

  • Sign up for the free IDX credit monitoring and identity protection services, offered by the hospital.
  • Monitor your credit reports and financial accounts for any unusual activity.
  • Be alert for phishing emails or phone calls that may use your exposed information.
  • Consider placing a fraud alert or credit freeze with major credit bureaus.

The hospital has also established a dedicated assistance line at 1-833-661-1932, available Monday through Friday from 6 a.m. to 6 p.m. Pacific Time.

More information about the hospital can be found on the Watsonville Community Hospital website.

Notice Letter

This browser does not support inline PDFs. Please download the PDF to view it: Download PDF

Consumers Notification date
Date of Breach
November 30, 2024
Breach Discovered Date
on or about September 22, 2025
Total People Affected
Information Types Exposed
  • access credentials
  • address
  • birth certification
  • clinical or treatment information
  • date of birth
  • driver’s license/government ID number
  • financial account information
  • full or partial Social Security number
  • health insurance information

-

CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image