Skip to main content

¿Hablas español? Ofrecemos asistencia legal en tu idioma.

Medical Record

PIH Health Ransomware Attack Review | Data Breach Lawyers

The class action data breach lawyers at The Lyon Firm are investigating a ransomware attack reported by PIH Health in California. The December 2024 data security incident is still being investigated by industry experts and more information regarding the fallout will emerge in the coming weeks. Contact our legal team to learn more about your legal options and about how to protect yourself from fraud and medical identity theft when unfortunate events like this occur.

More about the developing story here.

What Happened at PIH Health?

PIH Health, operating our of Whittier, California, has experienced what they are calling a network disruption that has affected its operations enough to make an announcement on their website. The alleged network “disruption”, which was first discovered on December 1, and has impacted the hospital’s application and communication systems. Affected PIH Health locations include PIH hospitals in Whittier, Downey, and Los Angeles, CA.

Thus far, PIH Health has been forthcoming about an alleged ransomware attack, and has published updates on the cyber security incident on the company website. They say the attack compromised their network, but to what degree is uncertain.

The PIH Health Downey Hospital, PIH Health Good Samaritan Hospital, PIH Health Whittier Hospital, Urgent Care Centers, doctor’s offices and the company’s home health and hospice agency were all impacted. As of writing, PIH Health Urgent Care Centers and Emergency Rooms are still open, however, patient health records, laboratory systems, pharmacy, radiology, patient registration, and all other IT systems and tools are currently inoperable.

Outpatient imaging and laboratory services are open, but staff do not have access to any electronic orders, so a physical copy of a physician order is necessary for any patient appointment. You may have to visit your physician’s office if you do not have a copy of the original order.

Has the personal data of PIH patients been compromised?

PIH says it is working with third-party cyber forensic specialists to identify the nature and full scope of the incident. In these types of ransomware attacks, data is indeed at risk because medical data has a significant value and can be sold via the dark web and hacker forums.

Our attorneys believe that any health entity that collects and stores your sensitive data has a duty to properly protect it from ransomware attacks. If a company is deemed negligent and has not maintained reasonably secure IT security systems, they may be held accountable. Plaintiffs can seek compensation for any possible damages. Contact us for a free case review.