Skip to main content
Over a doctor’s shoulder we see a spreadsheet of medical data on a vulnerable hospital computer.

AltaMed Health Services Data Breach: What Patients Need to Know About Their Legal Rights

Written by Joseph Lyon on . Posted in Data Breach.

The data breach lawyers at The Lyon Firm are investigating a recently reported data security incident at California’s AltaMed Health. A disclosure has been sent out to the California Attorney General’s office, and data breach notification letters are being sent to all known impacted individuals. Contact our legal team to assess your case and to learn more about how to file a class action complaint in order to seek compensation. We have filed numerous data breach lawsuits on behalf of plaintiffs in California and nationwide.

UPDATE: A cyberattack on AltaMed Health Services Corporation — a major California provider of primary care, senior care, and health and human services — is raising serious concerns about the safety of patient data and the legal options available to those affected.

What Happened?

On December 14, 2025, AltaMed detected unauthorized access to portions of its computer systems — the kind of disruption typically associated with a ransomware attack. The organization activated emergency protocols, engaged outside cybersecurity specialists, and notified law enforcement. Care operations continued throughout the incident, but the damage to data was already done.

The investigation confirmed that compromised systems held sensitive patient information, including full names, dates of service, and payment data. The full scope of the breach remains under investigation, and the incident has not yet appeared on the HHS Office for Civil Rights breach portal, meaning the total number of patients affected is still unknown.

Why This Matters Legally

Healthcare data breaches are not just IT problems — they are legal events with real consequences for real people. When a covered healthcare entity fails to maintain reasonable cybersecurity safeguards, affected patients may have grounds for legal action under state consumer protection laws, negligence theories, and federal privacy regulations including HIPAA.

Payment information exposure carries particular risk. Compromised billing data can fuel identity theft, fraudulent insurance claims, and unauthorized financial transactions that take months or years to unravel.

AltaMed has advised patients to carefully review their statements and report any unfamiliar charges — sound advice, but far from sufficient protection on its own.

What Affected Patients Should Do

If you received care through AltaMed and suspect your information was compromised, document everything. Save any communications from AltaMed, monitor your credit and financial accounts closely, and consider placing a fraud alert with the major credit bureaus. Most importantly, consult with an attorney before assuming you have no recourse.

The Lyon Firm: Advocates for Data Breach Victims

The Lyon Firm represents individuals whose private health and financial information has been exposed through corporate negligence and inadequate data security. If you were affected by the AltaMed breach, you may be entitled to compensation. Contact us today for a free, confidential consultation — we work on contingency, so there is no cost unless we recover for you.

History of Security Lapses at AltaMed

Back in August 2024, AltaMed Health Services Corporation allegedly experienced a serious data breach that compromised sensitive information belonging to patients and staff. The breach reportedly involved unauthorized access to a wide range of personally identifiable information (PII) and protected health information (PHI).

The exposed personal data may include the following: Social Security numbers, dates of birth, driver’s license or state identification numbers, passport numbers, foreign national ID numbers, personal email addresses, personal telephone numbers, medical record numbers, Medicare or Medicaid ID numbers, medical billing details, doctor or provider names, dates of service, payment information for health services, medical history, medical treatment details, mental or physical condition or diagnosis, procedure information, COVID-19 test results or vaccination status, prescription information, incidental health references, health insurance policy numbers, other health insurance information, handwritten signatures, genetic data, mother’s maiden name, and usernames and passwords.