Skip to main content
Woman looking at a medical form showcasing digital data exposure and the role of a HIPAA violation lawyer.

Centric Health Data Breach

Written by Joseph Lyon on . Posted in Data Breach.

In December 2025, Centric Health, a healthcare provider based in Bakersfield, California, reported a data breach to the U.S. Department of Health and Human Services (HHS) that affected 6,855 individuals.

The company filed the breach notification on December 10, 2025, indicating that sensitive personal information was compromised in the incident. The disclosure to HHS is part of the HIPAA Breach Notification Rule, which requires covered entities to report breaches of unsecured protected health information (PHI).

What happened at Centric Health?

According to public breach reports, the incident occurred within Centric Health’s systems, and the provider has sent notices to affected individuals explaining what happened and when. At minimum, the breach involved personally identifiable information that may include names and other sensitive details tied to patients’ medical records or contact information, although the exact data categories have not been enumerated in publicly available summaries. Centric Health’s reporting to federal authorities triggered notifications not only to HHS but also to multiple state Attorneys General offices under applicable breach reporting laws.

Federal and state law requires healthcare providers and their business associates to implement reasonable administrative, physical, and technical safeguards to protect PHI and to promptly notify individuals when breaches occur. In this case, Centric Health complied with its notification obligations by reporting the breach to HHS and issuing individual notices to affected people. These actions give individuals specific information about the incident, including the nature of the breach, estimated date of occurrence, and contact information for assistance.

What Information Was Involved in the Centric Health Breach

Individuals who received a breach notice from Centric Health should first review the communication carefully for specific details about what types of information were involved. Monitoring credit reports, bank and health insurance accounts, and explanation of benefits statements is a prudent step to identify any suspicious activity. Placing a fraud alert or credit freeze with major credit reporting agencies can help prevent identity thieves from opening new accounts in an affected person’s name. While health data breaches do not always involve financial account numbers, compromised information such as Social Security numbers or addresses can increase identity theft risk.

Under HIPAA and related California privacy laws, breach victims may have legal rights to pursue remedies if the data holder failed to maintain reasonable security practices. Damages in such cases can include reimbursement for costs related to credit monitoring, identity theft restoration services, and compensation for time spent addressing breach-related issues. Class action and individual claims can be considered depending on the circumstances of the incident.

Why Hire The Lyon Firm for a Data Breach Case

Why Hire The Lyon Firm: Navigating post-breach legal options can be complex. The Lyon Firm focuses on data breach and privacy litigation, offering experience in analyzing breach facts, assessing legal claims, and advising clients on pursuing compensation. Their team is familiar with federal and state privacy statutes and can help individuals understand what evidence is needed to support a claim and how to hold entities accountable for inadequate data security.

If you received a notice from Centric Health or believe your personal data was exposed, contact a qualified data breach attorney today to review your rights. Taking prompt action can protect your identity and help ensure your legal interests are preserved.

CONTACT THE LYON FIRM

Please complete the form below for a FREE consultation.

  • This field is for validation purposes and should be left unchanged.