Petaluma Health Center Data Breach Exposes Sensitive Patient Information
Petaluma Health Center recently disclosed a data breach affecting sensitive personal and health-related information of its patients. On December 15, 2025, the center was alerted by its electronic medical record system, OCHIN, that an unauthorized individual had accessed a system belonging to TriZetto, a third-party vendor working with OCHIN.
TriZetto’s investigation confirmed that patient data linked to Petaluma Health Center may have been exposed during the breach. The compromised information varies by individual but includes names, Social Security numbers, dates of birth, contact details, and health or insurance-related data.
In response, Petaluma Health Center began notifying affected individuals via mail, detailing the specific types of information impacted. The center and TriZetto are also offering complimentary credit monitoring services to those affected. The breach notice was filed with the California Attorney General’s office.
Source: https://straussborrelli.com/2026/01/22/petaluma-health-center-data-breach-investigation-2/
TriZetto Healthcare Products cybersecurity rating report: https://www.rankiteo.com/company/trizetto-healthcare-products
OCHIN, Inc. cybersecurity rating report: https://www.rankiteo.com/company/ochin
Petaluma Health Center cybersecurity rating report: https://www.rankiteo.com/company/petaluma-health-center
"id": "TRIOCHPET1769201334",
"linkid": "trizetto-healthcare-products, ochin, petaluma-health-center",
"type": "Breach",
"date": "12/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Patients',
'industry': 'Healthcare',
'location': 'Petaluma, California, USA',
'name': 'Petaluma Health Center',
'type': 'Healthcare Provider'}],
'attack_vector': 'Third-party vendor compromise',
'customer_advisories': 'Mail notifications to affected individuals',
'data_breach': {'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Names',
'Social Security numbers',
'Dates of birth',
'Contact details',
'Health or insurance-related '
'data']},
'date_detected': '2025-12-15',
'description': 'Petaluma Health Center recently disclosed a data breach '
'affecting sensitive personal and health-related information '
'of its patients. On December 15, 2025, the center was alerted '
'by its electronic medical record system, OCHIN, that an '
'unauthorized individual had accessed a system belonging to '
'TriZetto, a third-party vendor working with OCHIN. TriZetto’s '
'investigation confirmed that patient data linked to Petaluma '
'Health Center may have been exposed during the breach. The '
'compromised information varies by individual but includes '
'names, Social Security numbers, dates of birth, contact '
'details, and health or insurance-related data.',
'impact': {'data_compromised': 'Sensitive personal and health-related '
'information',
'identity_theft_risk': 'High',
'systems_affected': "TriZetto's system (third-party vendor for "
'OCHIN)'},
'investigation_status': 'Ongoing',
'references': [{'source': 'Petaluma Health Center Breach Notice'}],
'regulatory_compliance': {'regulations_violated': ['HIPAA (potential)'],
'regulatory_notifications': 'California Attorney '
'General’s office'},
'response': {'communication_strategy': 'Mail notifications to affected '
'individuals, breach notice filed with '
'California Attorney General’s office',
'remediation_measures': 'Notification to affected individuals, '
'complimentary credit monitoring '
'services',
'third_party_assistance': 'TriZetto (investigation)'},
'title': 'Petaluma Health Center Data Breach Exposes Sensitive Patient '
'Information',
'type': 'Data Breach'}