Imperial Beach Community Clinic Hit by Prolonged Data Breach Affecting Patients and Staff
Imperial Beach Community Clinic (IB Clinic), a San Diego-based healthcare provider, disclosed a data breach involving unauthorized access to its email systems, potentially exposing sensitive information. The incident was reported to the California Attorney General on January 6, 2026, following an investigation into suspicious activity detected on April 15, 2025.
The breach occurred over a three-month period, from February 4 to May 2, 2025, during which an unauthorized individual may have accessed and copied data within the clinic’s email environment. While the exact types of exposed information remain unspecified, the clinic completed its review of affected individuals on December 30, 2025.
In response, IB Clinic secured its systems, engaged cybersecurity and legal experts, and began notifying potentially impacted patients and staff—despite no evidence of data misuse. As a precaution, the clinic is offering 12 months of complimentary credit monitoring, reports, and scores through Cyberscout (a TransUnion company), with enrollment required within 90 days of notification. Affected individuals may also place fraud alerts or security freezes on their credit files.
A dedicated assistance line (833-543-5741) has been established for inquiries, operating Monday through Friday, 8 a.m. to 8 p.m. ET. The clinic continues to assess the full scope of the incident.
Source: https://www.claimdepot.com/data-breach/ib-clinic-2026
Imperial Beach Community Clinic cybersecurity rating report: https://www.rankiteo.com/company/imperial-beach-community-clinic
"id": "IMP1767828836",
"linkid": "imperial-beach-community-clinic",
"type": "Breach",
"date": "5/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Patients and staff',
'industry': 'Healthcare',
'location': 'San Diego, California',
'name': 'Imperial Beach Community Clinic',
'type': 'Healthcare Clinic'}],
'attack_vector': 'Unauthorized access to email environment',
'customer_advisories': 'Offered complimentary credit monitoring, credit '
'report, and credit score services for 12 months via '
'Cyberscout; provided guidance on protective steps',
'data_breach': {'data_exfiltration': 'Potential copying of data',
'personally_identifiable_information': 'Potential',
'sensitivity_of_data': 'Sensitive information'},
'date_detected': '2025-04-15',
'date_publicly_disclosed': '2026-01-06',
'date_resolved': '2025-12-30',
'description': 'San Diego based Imperial Beach Community Clinic experienced a '
'data breach involving unauthorized access to the clinic’s '
'email environment, with the potential copying of sensitive '
'information.',
'impact': {'data_compromised': 'Sensitive information potentially copied',
'identity_theft_risk': 'Potential',
'systems_affected': 'Email environment'},
'initial_access_broker': {'entry_point': 'Email environment'},
'investigation_status': 'Concluded',
'references': [{'date_accessed': '2026-01-06',
'source': 'California Attorney General Disclosure'}],
'regulatory_compliance': {'regulatory_notifications': 'Filed disclosure with '
'the California '
'Attorney General'},
'response': {'communication_strategy': 'Notified potentially affected '
'individuals; provided guidance on '
'protective steps',
'containment_measures': 'Secured systems to prevent further '
'unauthorized access',
'incident_response_plan_activated': 'Yes',
'remediation_measures': 'Engaged cybersecurity experts to '
'investigate and identify data exposure',
'third_party_assistance': 'Cybersecurity experts, legal counsel, '
'and third-party forensics '
'specialists'},
'title': 'Imperial Beach Community Clinic Data Breach',
'type': 'Data Breach'}