Skip to main content
Over a doctor’s shoulder we see a spreadsheet of medical data on a vulnerable hospital computer.

Palomar Health Medical Group Data Breach Investigation

Written by Joseph Lyon on . Posted in Data Breach.

The Lyon Firm is investigating a cyberattack that has allegedly targeted Palomar Health Medical Group, a provider of primary and specialty care in North San Diego County, California. Contact our data security and data privacy lawyers if you have been contacted by Palomar Health regarding any data security incident. We offer free and confidential data breach case reviews.

What Happened at Palomar Health Medical Group?

Between April 23 and May 5, 2024, Arch Health Partners Inc., operating as Palomar Health Medical Group (PHMG), suffered a significant cybersecurity incident that compromised parts of its computer network. Suspicious activity was first detected on May 5—the same day investigators determined that unauthorized access had ended.

According to PHMG, a third party infiltrated certain systems and may have viewed or copied files during nearly two weeks of unauthorized access. The incident was not confined to one facility or record system; instead, it appears to have affected several PHMG locations and a wide range of patient data.

Following an extensive internal investigation completed on September 4, 2025, PHMG confirmed that sensitive personal and medical information had been exposed. The type of data impacted varies by individual but includes both personally identifiable information (PII) and protected health information (PHI).

The compromised information may include names, addresses, dates of birth, Social Security numbers, driver’s license or state ID numbers, military or passport numbers, U.S. alien registration numbers, and various financial details such as bank or payment card information.

Some individuals may also have had their medical records, diagnostic data, treatment information, biometric identifiers, Medicare or Medicaid numbers, patient account numbers, health insurance details, and even login credentials—such as email addresses, usernames, and passwords—accessed or stolen.

Palomar began an investigation after suspicious activity and a potential cyberattack were detected on its computer network on May 5, 2024. The company says affected systems were taken offline to contain any malware, and services were disrupted.

After Palomar Health Medical Group (PHMG) identified suspicious activity and took the affected systems offline, they launched an investigation into the nature and scale of the event. Patients were informed that some communication systems were down, and were subsequently advised to visit their physicians in person and to expect delays. Third-party cybersecurity specialists were hired to help investigate the incident and identify the source of the attack. Much is unknown at the moment of writing, and patients do not know whether or not any patient data was compromised.

The data security incident appears to be confined to Palomar Health Medical Group. The Palomar Health Healthcare District, which includes Palomar Medical Center Poway and Palomar Medical Center Escondido, was reportedly not affected.

If you receive a data breach notification letter from Palomar regarding the recent cyberattack, it is prudent to begin taking steps to mitigate the risk of medical identity theft. Learn more about protecting your data, and discuss legal action with experienced data theft attorneys. Call now for a free consultation.