.png)
Palomar Health Medical Group Data Breach Investigation
Shamis & Gentile P.A., one of the nation's premier class action law firms specializing in data breach cases, is investigating the Arch Health Partners, Inc. d/b/a Palomar Health Medical Group data breach.
If you were affected by the data breach, your sensitive personally identifiable information may have been exposed, and you may be eligible for compensation.
About Arch Health Partners, Inc. d/b/a Palomar Health Medical Group
Palomar Health Medical Group (PHMG), is a not-for-profit healthcare organization serving North San Diego County and parts of Riverside County. PHMG was created through the alignment of Graybill Medical Group and Arch Health Medical Group, making it one of the largest healthcare providers in the region.
PHMG operates a network of more than 20 locations, employs approximately 170 primary and specialty care physicians, and is supported by around 600 staff members. The organization serves over 150,000 patients, offering a wide range of medical services including family medicine, internal medicine, urgent care, orthopedics and more.
What Happened?
On May 5, 2024, Palomar Health Medical Group discovered suspicious activity on certain computer systems within its network. An investigation revealed that an unauthorized actor had gained access to specific files from April 23, 2024, to May 5, 2024, and may have copied those files.
The organization completed a comprehensive review of the affected files and determined that sensitive information related to current and former patients could be impacted.
Information Exposed:
- Name
- Address
- Date of birth
- Social Security number
- Driver’s license number
- State identification number
- Military identification number
- Passport number
- U.S. alien registration number
- Financial account information
- Payment card information
- Health savings account information
- Medical history
- Diagnostic/treatment information
- Biometric data
- Medical record number
- Medicare/Medicaid identification number
- Patient account number
- Health insurance information
- Email address and password
- Username and password
The breadth of information exposed could put affected individuals at risk for identity theft and other forms of fraud. The medical group began notifying impacted patients by mail on Oct. 15, 2025.
The cyberattack was also disclosed to the California and Massachusetts Attorney Generals' offices on Oct. 15, 2025.
Your Rights and Next Steps
If you received a notification letter from Palomar Health Medical Group or believe your information may have been involved, there are important steps you can take to protect yourself.
First, PHMG is offering complimentary credit monitoring and identity restoration services through Experian for a limited time. Taking advantage of these services can help detect and address potential misuse of your information.
You should also:
- Review your account statements and explanation of benefits for any unauthorized activity
- Monitor your credit reports for suspicious activity or errors
- Consider placing a fraud alert or a credit freeze with the major credit bureaus (Equifax, Experian, and TransUnion)
- Report any signs of identity theft to law enforcement and your state Attorney General
Under federal law, you are entitled to one free credit report per year from each of the three major credit reporting agencies. For more information on protecting your identity, you can contact the Federal Trade Commission.
Lawyers are ready to help individuals affected by this breach understand their rights and pursue compensation if appropriate. If you have questions about your options or how to proceed, you are not alone.
You May Be Entitled to Compensation
If your personal information was exposed in the Palomar Health Medical Group data breach, you may be eligible for compensation. Lawsuits and class actions are often filed after breaches like this, especially when sensitive information is involved. By joining a lawsuit, you may be able to recover money for any harm suffered or for the risk and inconvenience caused by the breach.
Lawyers are ready to help guide you through the process and fight for your rights. To see if you qualify and take the first step toward compensation, complete the below form to join the lawsuit investigation.
.svg)