Palomar Health Medical Group (PHMG), a California-based primary and specialty care provider, experienced a severe cybersecurity breach in October 2025. An unauthorized actor gained access to highly sensitive patient data, compromising a vast array of personally identifiable information (PII) and protected health information (PHI). The exposed records included critical identifiers such as Social Security numbers, passport details, military IDs, biometric data, financial account information (including payment cards and health savings accounts), and comprehensive medical histories (diagnostic/treatment records, Medicare/Medicaid IDs, and insurance data). The breach also exposed login credentials (usernames, passwords, and email addresses), heightening risks of identity theft, financial fraud, and further cyber exploits. The incident prompted a legal investigation by Lynch Carpenter, LLP, with affected individuals potentially eligible for compensation. The scale and sensitivity of the leaked data—spanning financial, health, and governmental identifiers—pose grave threats to patient privacy, financial security, and trust in the healthcare provider.
TPRM report: https://www.rankiteo.com/company/palomarhealthmedicalgroup
"id": "pal5692356102225",
"linkid": "palomarhealthmedicalgroup",
"type": "Breach",
"date": "10/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'customers_affected': 'Unknown number of individuals '
'(patients)',
'industry': 'Healthcare',
'location': 'California, USA',
'name': 'Palomar Health Medical Group (PHMG)',
'type': 'Healthcare Provider'}],
'customer_advisories': 'Potential notifications sent to affected individuals '
"(implied by legal investigation form: 'If you "
"received a data breach notification from PHMG...')",
'data_breach': {'data_exfiltration': 'Yes (records obtained by unauthorized '
'person)',
'number_of_records_exposed': 'Unknown',
'personally_identifiable_information': ['U.S. alien '
'registration number',
'biometric data',
'financial account '
'information',
'payment card '
'information',
'health savings '
'account information',
'military '
'identification '
'number',
'passport number',
'medical history',
'diagnostic/treatment '
'information',
'medical record '
'number',
'Medicare/Medicaid '
'identification '
'number',
'patient account '
'number',
'health insurance '
'information',
'name',
'address',
'date of birth',
'Social Security '
'number',
'driver’s license '
'number',
'state identification '
'number',
'email address and '
'password',
'username and '
'password'],
'sensitivity_of_data': 'Extremely High (includes SSNs, '
'biometric data, medical records, '
'financial details, and authentication '
'credentials)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)']},
'date_publicly_disclosed': '2025-10-22',
'description': 'Palomar Health Medical Group (PHMG), a primary and specialty '
'care provider in California, announced a cybersecurity '
'incident where an unauthorized person obtained records '
'containing personally identifiable information (PII) and '
'protected health information (PHI) of an unknown number of '
'patients. The compromised data includes a wide range of '
'sensitive information such as Social Security numbers, '
'medical records, financial details, and biometric data. Lynch '
'Carpenter, LLP is investigating potential legal claims '
'related to the breach.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'exposure of highly sensitive patient '
'data; legal investigation underway by '
'Lynch Carpenter, LLP',
'data_compromised': ['U.S. alien registration number',
'biometric data',
'financial account information',
'payment card information',
'health savings account information',
'military identification number',
'passport number',
'medical history',
'diagnostic/treatment information',
'medical record number',
'Medicare/Medicaid identification number',
'patient account number',
'health insurance information',
'name',
'address',
'date of birth',
'Social Security number',
'driver’s license number',
'state identification number',
'email address and password',
'username and password'],
'identity_theft_risk': 'High (due to exposure of SSNs, financial '
'data, and PII)',
'legal_liabilities': 'Under investigation by Lynch Carpenter, LLP '
'for potential class action claims',
'payment_information_risk': 'High (payment card information, '
'financial account details, and health '
'savings account information '
'compromised)'},
'investigation_status': 'Under investigation by Lynch Carpenter, LLP for '
'potential legal claims',
'references': [{'date_accessed': '2025-10-22',
'source': 'Globe Newswire Press Release',
'url': 'https://www.globenewswire.com/news-release/2025/10/22/2222222/0/en/Palomar-Health-Medical-Group-Announces-Cybersecurity-Incident.html'},
{'source': 'Palomar Health Medical Group Official Website',
'url': 'https://www.palomarhealthmedicalgroup.org/'},
{'source': 'Lynch Carpenter, LLP Investigation Page',
'url': 'https://www.lynchcarpenter.com/'}],
'regulatory_compliance': {'legal_actions': 'Potential class action lawsuit '
'(under investigation by Lynch '
'Carpenter, LLP)'},
'response': {'communication_strategy': 'Public disclosure via press release '
'(Globe Newswire); potential '
'notifications to affected individuals '
'(implied by legal investigation)'},
'threat_actor': 'Unauthorized person',
'title': 'Palomar Health Medical Group Data Breach (2025)',
'type': 'Data Breach'}