Skip to main content
A graphic showing different healthcare related items and how they are interconnected

Glendora Surgery Center Data Breach

Written by Joseph Lyon on . Posted in Data Breach.

When you schedule a procedure at an outpatient surgery center, you hand over information that goes far beyond your name and phone number. You share details about your health conditions, your treatment history, and the care you received.

That is exactly the kind of information that was reportedly taken from Glendora Surgery Center late last year, and patients deserve to understand what happened, what risks they may face, and what legal options are on the table. Contact the data breach lawyers at The Lyon Firm to learn more about your legal options. 

What Happened at Glendora Surgery Center?

Glendora Surgery Center, an outpatient surgical facility located in Glendora, California, disclosed a cybersecurity incident that occurred over a five-day window between November 29 and December 3, 2025. The facility detected suspicious activity on its computer network and engaged outside cybersecurity specialists to investigate the scope of the intrusion.

The investigation confirmed that an unauthorized party had accessed and removed data from a portion of the center’s network. The breach was formally reported to the U.S. Department of Health and Human Services on March 27, 2026 — roughly four months after the incident was discovered. A notice was also posted to the facility’s website.

According to the disclosed information, the types of data present in the affected systems included patient names and medical treatment information.

Why Medical Data Breaches Are Especially Dangerous

Not every data breach is the same. A breach involving credit card numbers is serious, but financial institutions can cancel cards and reissue them. Medical information is different. Your treatment history, diagnoses, and care records cannot be changed or reissued. They follow you permanently.

When medical treatment information falls into the wrong hands, the risks include:

  • Fraudulent insurance claims filed under your name for procedures you never received
  • Medical identity theft, where a bad actor uses your health profile to obtain prescriptions or treatment
  • Phishing schemes that reference real breach details to extract additional personal information from you
  • Exploitation of sensitive health information for social engineering attacks

The fact that financial data was not confirmed as exposed does not mean this breach is low-risk. Medical records have significant black market value precisely because they contain unique, permanent identifiers tied to real people.

The Notification Timeline Raises Questions

Glendora Surgery Center discovered the incident on December 3, 2025. The formal report to the Department of Health and Human Services was not made until March 27, 2026 — nearly four months later. California law and federal HIPAA regulations require covered entities to notify affected individuals and report breaches without unreasonable delay, generally within 60 days of discovery for breaches affecting 500 or more individuals.

When notification is delayed, patients spend months unaware that their protected health information may already be circulating. That gap creates real, practical harm. It limits a person’s ability to monitor for misuse, dispute fraudulent claims in time, or take protective steps before damage occurs. The notification timeline in this case is worth examining carefully.

Steps to Take if You Were Affected

If you received a notice from Glendora Surgery Center, or if you believe your information may have been involved, consider taking these steps now:

  • Review your Explanation of Benefits statements from your health insurer for any services or treatments you did not actually receive
  • Request your free credit reports at AnnualCreditReport.com and look for unfamiliar accounts or inquiries
  • Place a fraud alert or credit freeze with Equifax, Experian, and TransUnion as a precautionary measure
  • Contact your healthcare providers if you notice any unfamiliar entries in your medical records
  • Stay alert to phishing emails or calls that reference the breach by name

Your Legal Rights as a California Patient

California offers some of the most comprehensive data privacy protections available. The California Consumer Privacy Act, the California Confidentiality of Medical Information Act, and federal HIPAA regulations all impose legal obligations on healthcare providers to protect patient information with appropriate security measures. When those obligations are not met, affected individuals may have grounds to pursue legal action.

Potential legal claims in healthcare data breach cases can include negligence, breach of contract, and violations of state consumer protection statutes. Recoverable damages may include compensation for time spent addressing identity theft, out-of-pocket costs, and the harm caused by the loss of control over your private health information.

Why Hire The Lyon Firm?

The data breach attorneys at The Lyon Firm have spent years holding healthcare organizations accountable when they fail to protect patient information. We understand the intersection of HIPAA compliance, California privacy law, and civil litigation strategy, and we know how to build cases that produce results.

We represent clients across California and nationwide in data breach and privacy litigation. Our team handles these cases on a contingency fee basis, which means you pay nothing unless we recover compensation on your behalf. If you received a notice from Glendora Surgery Center, or if you suspect your medical information was involved in this incident, you may have a valid legal claim worth pursuing. Time limits apply under California law, so acting promptly matters.

Contact The Lyon Firm today for a free, confidential consultation about your rights.

CONTACT THE LYON FIRM TODAY

Please complete the form below for a FREE consultation.

  • This field is for validation purposes and should be left unchanged.