Providence Reports Data Breach Affecting 1,200 California Patients Due to Health Information Exchange Issue
Providence, a major hospital system, disclosed a data breach on February 11, 2026, impacting approximately 1,200 patients across California. The incident stemmed from a "technology issue" within Health Gorilla, a health information exchange (HIE) platform used by Providence to share patient data with other healthcare providers for coordinated care.
The breach occurred between August 30, 2024, and December 8, 2025, when certain HIE participants may have accessed or shared patient information without a legitimate business need. Providence emphasized that there was no evidence of hacking or theft by third parties, including Health Gorilla. However, exposed data could include sensitive details such as full names, dates of birth, addresses, insurance information, medical diagnoses, test results, and medications.
All affected patients are being offered one year of identity protection services through IDX, with enrollment available by contacting 1-888-202-1558. Providence stated that the delay in public notification nearly a month after discovery complied with legal timelines, as the organization conducted internal investigations and arranged support services.
The hospital system reiterated its commitment to patient privacy, noting ongoing reviews of data-sharing protocols and collaboration with technology partners to prevent future incidents. No further details on the specific cause of the HIE malfunction were provided.
Providence Health & Services cybersecurity rating report: https://www.rankiteo.com/company/providence-health-and-services
"id": "PRO1775673374",
"linkid": "providence-health-and-services",
"type": "Breach",
"date": "8/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '1,200 patients',
'industry': 'Healthcare',
'location': 'California, USA',
'name': 'Providence',
'type': 'Hospital System'}],
'attack_vector': 'Misconfiguration/Technology Issue',
'customer_advisories': 'Affected patients offered one year of identity '
'protection services through IDX (contact: '
'1-888-202-1558)',
'data_breach': {'number_of_records_exposed': '1,200',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (medical and personally '
'identifiable information)',
'type_of_data_compromised': ['Full names',
'Dates of birth',
'Addresses',
'Insurance information',
'Medical diagnoses',
'Test results',
'Medications']},
'date_detected': '2026-01-11',
'date_publicly_disclosed': '2026-02-11',
'description': 'Providence disclosed a data breach impacting approximately '
"1,200 patients across California due to a 'technology issue' "
'within Health Gorilla, a health information exchange (HIE) '
'platform used for sharing patient data. The breach occurred '
'between August 30, 2024, and December 8, 2025, when certain '
'HIE participants accessed or shared patient information '
'without a legitimate business need. Exposed data included '
'sensitive details such as full names, dates of birth, '
'addresses, insurance information, medical diagnoses, test '
'results, and medications.',
'impact': {'brand_reputation_impact': 'Potential impact due to delayed '
'notification and breach of patient '
'trust',
'data_compromised': 'Sensitive patient information including full '
'names, dates of birth, addresses, insurance '
'information, medical diagnoses, test results, '
'and medications',
'identity_theft_risk': 'High (identity protection services '
'offered)',
'operational_impact': 'Review of data-sharing protocols and '
'collaboration with technology partners',
'systems_affected': 'Health Gorilla HIE platform'},
'investigation_status': 'Completed (internal investigation)',
'lessons_learned': 'Need for stricter access controls and monitoring of HIE '
'platforms to prevent unauthorized data sharing',
'post_incident_analysis': {'corrective_actions': 'Review of data-sharing '
'protocols and collaboration '
'with technology partners to '
'prevent future incidents',
'root_causes': 'Technology issue within Health '
'Gorilla HIE platform leading to '
'unauthorized access or sharing of '
'patient data'},
'recommendations': 'Enhance data-sharing protocols, implement stricter access '
'controls, and improve monitoring of third-party platforms',
'references': [{'source': 'Providence Public Disclosure'}],
'regulatory_compliance': {'regulatory_notifications': 'Complied with legal '
'timelines for public '
'notification'},
'response': {'communication_strategy': 'Public disclosure on February 11, '
'2026, with identity protection '
'services offered to affected patients',
'remediation_measures': 'Review of data-sharing protocols and '
'collaboration with technology partners',
'third_party_assistance': 'IDX (identity protection services)'},
'title': 'Providence Data Breach Affecting 1,200 California Patients Due to '
'Health Information Exchange Issue',
'type': 'Data Breach',
'vulnerability_exploited': 'Health Information Exchange (HIE) platform '
'misconfiguration'}