Stockton Cardiology Medical Group Hit by Major Data Breach, Exposing Patient and Financial Data
Stockton Cardiology Medical Group, a leading cardiology practice serving California’s San Joaquin Valley, suffered a significant data breach after detecting suspicious emails on December 15, 2025. Though the emails were quickly deleted, an investigation revealed that unauthorized access had occurred, with files potentially removed from the organization’s systems. By January 17, 2026, some of the compromised data was publicly disclosed.
On February 17, 2026, the hacking group GENESIS claimed responsibility, announcing on the dark web that it had exfiltrated 645GB of data, including healthcare records, personal and financial information, and internal operational files. The breach was officially reported to the California Attorney General on March 20, 2026.
Exposed data includes:
- Patient names
- Mailing and email addresses
- Billing records
- Limited medical information tied to services provided
The law firm Shamis & Gentile P.A. is investigating the incident on behalf of affected individuals, who may be eligible for compensation due to potential damages such as identity monitoring costs, emotional distress, or financial losses. The breach underscores the growing threat to healthcare providers and the sensitive data they manage.
Source: https://www.claimdepot.com/investigations/stockton-cardiology-data-breach-2026
Stockton Cardiology Medical Group cybersecurity rating report: https://www.rankiteo.com/company/stockton-cardiology-medical-group
"id": "STO1774305417",
"linkid": "stockton-cardiology-medical-group",
"type": "Breach",
"date": "12/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'Healthcare',
'location': 'California, San Joaquin Valley',
'name': 'Stockton Cardiology Medical Group',
'type': 'Healthcare Provider'}],
'attack_vector': 'Suspicious emails (likely phishing)',
'customer_advisories': 'Affected individuals may be eligible for compensation '
'due to potential damages such as identity monitoring '
'costs, emotional distress, or financial losses.',
'data_breach': {'data_exfiltration': 'Yes (645GB of data)',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Patient names',
'Mailing addresses',
'Email addresses',
'Billing records',
'Limited medical information']},
'date_detected': '2025-12-15',
'date_publicly_disclosed': '2026-01-17',
'description': 'Stockton Cardiology Medical Group suffered a significant data '
'breach after detecting suspicious emails. Unauthorized access '
'led to the exfiltration of 645GB of data, including '
'healthcare records, personal and financial information, and '
'internal operational files. The hacking group GENESIS claimed '
'responsibility and publicly disclosed some of the compromised '
'data.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'data exposure',
'data_compromised': '645GB of data',
'identity_theft_risk': 'High',
'legal_liabilities': 'Potential legal actions and fines',
'payment_information_risk': 'High'},
'initial_access_broker': {'entry_point': 'Suspicious emails'},
'investigation_status': 'Ongoing',
'ransomware': {'data_exfiltration': 'Yes'},
'references': [{'source': 'Dark web announcement by GENESIS'},
{'source': 'California Attorney General report'}],
'regulatory_compliance': {'legal_actions': 'Potential legal actions by '
'affected individuals',
'regulations_violated': ['HIPAA (potential)'],
'regulatory_notifications': 'Reported to California '
'Attorney General on '
'2026-03-20'},
'response': {'communication_strategy': 'Reported to California Attorney '
'General on 2026-03-20',
'containment_measures': 'Suspicious emails deleted',
'third_party_assistance': 'Shamis & Gentile P.A. (law firm '
'investigating the incident)'},
'threat_actor': 'GENESIS',
'title': 'Stockton Cardiology Medical Group Data Breach',
'type': 'Data Breach'}