PHMG Data Breach Exposes Sensitive Patient and Financial Information
California-based Palomar Health Medical Group (PHMG), a network of hospitals, clinics, and urgent care centers across Northern San Diego and Southern California, is investigating a data breach involving a third-party business associate. The incident, discovered on or around March 11, 2026, revealed unauthorized access to files containing PHMG patient data, though PHMG’s own systems were reportedly unaffected.
The exposed information may include names, addresses, dates of birth, Social Security numbers, credit/debit card details, email addresses, usernames, and passwords. Additionally, medical records such as diagnoses, prescriptions, health insurance details, and medical record numbers were potentially compromised.
PHMG identified suspicious activity in its associate’s hosted environment and launched an investigation, confirming that PHMG data was among the files accessed. While the full scope of affected individuals remains unclear, legal teams are exploring potential class action lawsuits on behalf of impacted patients, citing risks of identity theft, financial fraud, and privacy violations.
Authorities, including the U.S. Department of Health and Human Services, have been notified. Further details, including official notifications to affected individuals, are expected as the investigation progresses.
Source: https://www.classaction.org/data-breach-lawsuits/palomar-health-medical-group-may-2026
Palomar Health cybersecurity rating report: https://www.rankiteo.com/company/palomar-health
Medcurity cybersecurity rating report: https://www.rankiteo.com/company/medcurity
"id": "PALMED1779402262",
"linkid": "palomar-health, medcurity",
"type": "Breach",
"date": "3/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'Healthcare',
'location': 'Northern San Diego and Southern '
'California, USA',
'name': 'Palomar Health Medical Group (PHMG)',
'type': 'Healthcare Provider'}],
'attack_vector': 'Third-party compromise',
'data_breach': {'personally_identifiable_information': ['Names',
'Addresses',
'Dates of Birth',
'Social Security '
'Numbers',
'Email Addresses',
'Usernames',
'Passwords'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal Identifiable '
'Information',
'Financial Information',
'Medical Records']},
'date_detected': '2026-03-11',
'description': 'California-based Palomar Health Medical Group (PHMG) is '
'investigating a data breach involving a third-party business '
'associate. The incident revealed unauthorized access to files '
'containing PHMG patient data, including sensitive personal, '
'financial, and medical information.',
'impact': {'brand_reputation_impact': 'Potential privacy violations and '
'identity theft risks',
'data_compromised': 'Sensitive patient and financial information',
'identity_theft_risk': 'High',
'legal_liabilities': 'Potential class action lawsuits',
'payment_information_risk': 'High',
'systems_affected': "Third-party business associate's hosted "
'environment'},
'investigation_status': 'Ongoing',
'regulatory_compliance': {'legal_actions': 'Potential class action lawsuits',
'regulations_violated': ['HIPAA'],
'regulatory_notifications': 'U.S. Department of '
'Health and Human '
'Services'},
'response': {'law_enforcement_notified': 'U.S. Department of Health and Human '
'Services'},
'title': 'PHMG Data Breach Exposes Sensitive Patient and Financial '
'Information',
'type': 'Data Breach'}