Palomar Health Medical Group: Palomar Health Medical Group Data Breach Exposes Social Security Numbers & PHI

Palomar Health Medical Group Suffers Major Data Breach Affecting Thousands

Between April 23 and May 5, 2024, Palomar Health Medical Group (PHMG), operating as Arch Health Partners Inc., experienced a significant data breach after an unauthorized actor gained access to its computer systems. The intrusion was detected on May 5, 2024, marking the final day of unauthorized access.

An investigation concluded on September 4, 2025, revealed that the breach exposed highly sensitive data, including personally identifiable information (PII) and protected health information (PHI). Compromised records may contain names, addresses, dates of birth, Social Security numbers, driver’s license details, financial account information, medical histories, insurance data, and login credentials. The breach spanned multiple locations, affecting current and former patients across several states, with at least 374 individuals in Massachusetts confirmed impacted though the total number is expected to be far higher.

The severity of the breach lies in the breadth of exposed data, which could facilitate identity theft, medical fraud, and financial exploitation. Notifications were filed with the Massachusetts and California Attorneys General on October 15, 2025, and affected individuals began receiving mailed notices the same day.

In response, PHMG is providing complimentary credit monitoring and identity restoration services through Experian, including daily credit monitoring, identity theft insurance, and restoration assistance. The organization has also advised impacted individuals to monitor their accounts and credit reports for suspicious activity over the next 12 to 24 months.

Source: https://www.claimdepot.com/data-breach/palomar-health-medical-group-2025

Palomar Health Medical Group cybersecurity rating report: https://www.rankiteo.com/company/palomarhealthmedicalgroup

"id": "PAL1774024568",
"linkid": "palomarhealthmedicalgroup",
"type": "Breach",
"date": "4/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': 'Thousands (374 confirmed in '
                                              'Massachusetts)',
                        'industry': 'Healthcare',
                        'location': 'United States (multiple states)',
                        'name': 'Palomar Health Medical Group (PHMG) / Arch '
                                'Health Partners Inc.',
                        'type': 'Healthcare Provider'}],
 'customer_advisories': 'Complimentary credit monitoring and identity '
                        'restoration services through Experian, including '
                        'daily credit monitoring, identity theft insurance, '
                        'and restoration assistance.',
 'data_breach': {'number_of_records_exposed': 'Thousands',
                 'personally_identifiable_information': ['Names',
                                                         'Addresses',
                                                         'Dates of birth',
                                                         'Social Security '
                                                         'numbers',
                                                         'Driver’s license '
                                                         'details',
                                                         'Financial account '
                                                         'information',
                                                         'Medical histories',
                                                         'Insurance data',
                                                         'Login credentials'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personally identifiable '
                                              'information (PII)',
                                              'Protected health information '
                                              '(PHI)']},
 'date_detected': '2024-05-05',
 'date_publicly_disclosed': '2025-10-15',
 'date_resolved': '2025-09-04',
 'description': 'Between April 23 and May 5, 2024, Palomar Health Medical '
                'Group (PHMG), operating as Arch Health Partners Inc., '
                'experienced a significant data breach after an unauthorized '
                'actor gained access to its computer systems. The intrusion '
                'was detected on May 5, 2024, marking the final day of '
                'unauthorized access. The breach exposed highly sensitive '
                'data, including personally identifiable information (PII) and '
                'protected health information (PHI).',
 'impact': {'data_compromised': 'Personally identifiable information (PII) and '
                                'protected health information (PHI)',
            'identity_theft_risk': 'High',
            'payment_information_risk': 'High'},
 'investigation_status': 'Completed',
 'recommendations': 'Affected individuals advised to monitor accounts and '
                    'credit reports for suspicious activity over the next 12 '
                    'to 24 months.',
 'references': [{'source': 'Massachusetts Attorney General Filing'}],
 'regulatory_compliance': {'regulatory_notifications': ['Massachusetts '
                                                        'Attorney General',
                                                        'California Attorney '
                                                        'General']},
 'response': {'communication_strategy': 'Mailed notices to affected '
                                        'individuals',
              'third_party_assistance': 'Experian (credit monitoring and '
                                        'identity restoration services)'},
 'title': 'Palomar Health Medical Group Suffers Major Data Breach Affecting '
          'Thousands',
 'type': 'Data Breach'}