**Planned Parenthood Northern California Data Breach Exposes Sensitive Patient Information**
Planned Parenthood Northern California (PPNorCal), a leading provider of sexual and reproductive health services across 20 counties, is investigating a data breach affecting an undisclosed number of patients. The incident stemmed from unauthorized access to systems managed by Trizetto Provider Solutions (TPS), a subcontractor of PPNorCal’s business associate, OCHIN.
The breach was discovered on December 10, 2025, after TPS detected unauthorized activity in its information systems. The intrusion began in November 2024 and persisted until October 2, 2025, exposing sensitive patient data, including:
- Names
- Dates of birth
- Social Security numbers
- Health insurance details (member numbers, insurer names, Medicare identifiers)
- Dependent and demographic information
PPNorCal disclosed the breach to California’s Attorney General on December 30, 2025, and began notifying affected individuals by mail. While the exact number of impacted patients remains unspecified, PPNorCal serves approximately 90,000 patients annually, suggesting a potentially significant scope.
TPS is offering free credit monitoring, credit reports, and credit score services to affected individuals, with enrollment details to be provided in early February 2026. A dedicated call center for inquiries will launch on February 9, 2026. Legal firms are also investigating potential compensation claims for those impacted.
The breach highlights vulnerabilities in third-party vendor security, raising concerns about the protection of sensitive health and personal data.
Source: https://www.claimdepot.com/investigations/planned-parenthood-and-trizetto-data-breach-2026
Planned Parenthood Northern California cybersecurity rating report: https://www.rankiteo.com/company/planned-parenthood-shasta-pacific
"id": "PLA1767648230",
"linkid": "planned-parenthood-shasta-pacific",
"type": "Breach",
"date": "12/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Healthcare',
'location': 'Northern California, USA',
'name': 'Planned Parenthood Northern California',
'size': 'Approximately 90,000 patients annually',
'type': 'Healthcare Provider'}],
'attack_vector': 'Unauthorized Access',
'customer_advisories': 'Affected individuals notified by mail; dedicated call '
'center available starting Feb. 9, 2026',
'data_breach': {'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Name',
'Date of birth',
'Social Security number',
'Health insurance member number',
'Medicare beneficiary identifier',
'Health insurer name',
'Dependent information',
'Demographic information',
'Health insurance information']},
'date_detected': '2025-12-10',
'date_publicly_disclosed': '2025-12-30',
'description': 'Planned Parenthood Northern California (PPNorCal) experienced '
'a data breach involving unauthorized access to patient '
'insurance eligibility and related information through its '
"business associate OCHIN's subcontractor, Trizetto Provider "
'Solutions (TPS). The breach exposed sensitive personally '
'identifiable information of patients.',
'impact': {'data_compromised': 'Sensitive personally identifiable information',
'identity_theft_risk': 'High',
'systems_affected': 'Trizetto Provider Solutions (TPS) information '
'systems'},
'recommendations': ['Monitor accounts for suspicious activity',
'Request free credit reports from Equifax, Experian, and '
'TransUnion',
'Place a fraud alert or freeze credit with major credit '
'bureaus',
'Enroll in free credit monitoring services offered by '
'TPS'],
'references': [{'source': 'Shamis & Gentile P.A.'}],
'regulatory_compliance': {'regulatory_notifications': 'Disclosed to the '
"Attorney General's "
'office in California'},
'response': {'communication_strategy': 'Notification by mail to affected '
'individuals'},
'title': 'Planned Parenthood Northern California Data Breach',
'type': 'Data Breach'}