MACT Health Board Data Breach Exposes Sensitive Patient and Employee Information
MACT Health Board Inc., a nonprofit tribal healthcare provider serving communities across five California counties Mariposa, Amador, Alpine, Calaveras, and Tuolumne reported a data breach that compromised sensitive personally identifiable information (PII). The organization, which operates multiple medical, dental, behavioral health, and pharmacy clinics, detected unauthorized access to its IT systems between November 12 and November 20, 2025.
An investigation, supported by third-party forensic experts and law enforcement, confirmed that exposed data included names, Social Security numbers, medical records (diagnoses, treatment details, insurance information), driver’s license numbers, and other sensitive records. The review of affected files was completed on January 9, 2026.
Affected individuals were notified and offered 12 months of free credit monitoring through Experian IdentityWorks, along with identity theft insurance. The breach has prompted legal action, with law firm Shamis & Gentile P.A. investigating potential compensation claims for those impacted.
MACT Health Board serves American Indian and Alaska Native populations, providing culturally sensitive healthcare to thousands in California’s Sierra Nevada region. The incident underscores the growing risks to healthcare data security and the potential long-term consequences for affected individuals.
Source: https://www.claimdepot.com/investigations/mact-health-board-data-breach-2026
MACT Health Board, Inc. cybersecurity rating report: https://www.rankiteo.com/company/mact-health-board-inc.
"id": "MAC1769447270",
"linkid": "mact-health-board-inc.",
"type": "Breach",
"date": "11/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Thousands of American Indian '
'and Alaska Native populations',
'industry': 'Healthcare',
'location': 'Mariposa, Amador, Alpine, Calaveras, and '
'Tuolumne counties, California, USA',
'name': 'MACT Health Board Inc.',
'type': 'Nonprofit Tribal Healthcare Provider'}],
'attack_vector': 'Unauthorized Access',
'customer_advisories': 'Affected individuals notified and offered 12 months '
'of free credit monitoring through Experian '
'IdentityWorks, along with identity theft insurance',
'data_breach': {'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Names',
'Social Security numbers',
'Medical records (diagnoses, '
'treatment details, insurance '
'information)',
'Driver’s license numbers']},
'date_detected': '2025-11-12',
'description': 'MACT Health Board Inc., a nonprofit tribal healthcare '
'provider, reported a data breach that compromised sensitive '
'personally identifiable information (PII). The organization '
'detected unauthorized access to its IT systems between '
'November 12 and November 20, 2025. Exposed data included '
'names, Social Security numbers, medical records, driver’s '
'license numbers, and other sensitive records.',
'impact': {'brand_reputation_impact': 'Potential long-term consequences for '
'affected individuals',
'data_compromised': 'Sensitive personally identifiable information '
'(PII), medical records, insurance '
'information, driver’s license numbers',
'identity_theft_risk': 'High',
'legal_liabilities': 'Potential compensation claims',
'systems_affected': 'IT systems'},
'investigation_status': 'Completed review of affected files on January 9, '
'2026',
'references': [{'source': 'Incident Report'}],
'regulatory_compliance': {'legal_actions': 'Potential compensation claims '
'investigated by Shamis & Gentile '
'P.A.'},
'response': {'communication_strategy': 'Affected individuals notified and '
'offered 12 months of free credit '
'monitoring through Experian '
'IdentityWorks',
'law_enforcement_notified': True,
'third_party_assistance': 'Forensic experts'},
'title': 'MACT Health Board Data Breach Exposes Sensitive Patient and '
'Employee Information',
'type': 'Data Breach'}