Skip to main content
photo of the covenant care web site

Covenant Care California Data Breach Investigation

Written by The Lyon Firm on . Posted in Data Breach, Litigation Update.

The Lyon Firm is actively involved in class action personal privacy and data theft cases and is currently investigating Covenant Care California data breach claims on behalf of plaintiffs in California and nationwide. Contact our data breach attorneys to review your data privacy claims.

What Happened at Covenant Care California?

The health entity recently announced that it had experienced a data breach in which the sensitive personal identifiable information (PII) and protected health information (PHI) in its systems may have been compromised, including the following:

  • Name
  • Social Security number
  • Date of birth
  • Driver’s license or state ID
  • Financial account information
  • Credit or debit card information
  • Medical information (e.g., diagnosis or treatment information, claims and billing information)

According to the notice sent to the office of the state Attorney General, in November 2023, Covenant Care identified suspicious activity related to their IT network. As a result, Covenant Care launched an investigation, but it is unclear why it took over nine months to begin contacting impacted individuals. They concluded that data on its systems may have been stolen by an unauthorized third-party between November 12 and November 14, 2023.

Covenant Care California, LLC has begun sending out data breach notification letters outlining details of a recent data breach that allegedly involved sensitive personal information and protected health information belonging to a large number of patients who received services from Covenant Care or a facility operated by the health system.

This not the first data security incident for the company. In fact, they sent out letters just two years ago regarding a similar incident. Back in February 2022, Covenant Care discovered a data breach in which the sensitive personal information and protected health insurance information it is systems may have been accessed. In May, Covenant Care began notifying individuals whose information may have been impacted, and more recently filed additional data breach notifications with various state governments signifying that more impacted individuals likely needed notification

Health Care Companies Potentially Impacted by 2022 the phishing attacks:

  • Focus Health
  • RehabFocus Home Health
  • Elevate Health Group
  • Choice Home Health
  • San Diego Home Health

Covenant Care, based in Aliso Viejo, California, operates skilled nursing and residential care facilities in California and Nevada. The company has grown to operate over 30 healthcare and rehabilitation centers and employs over 8,000 healthcare professionals, and cares for 4,000 residents and patients in its facilities. Their rehabilitation centers include Wagner Heights Nursing and Rehabilitation Center and Silver Hills Health Care Center.