Vibra Hospital of Sacramento, a specialty critical care facility in Folsom, California, experienced a data breach after a threat actor gained unauthorized access to six employee email accounts between March 12–22, 2025. The breach exposed sensitive personally identifiable information (PII) and protected health information (PHI) of patients, including names, addresses, Social Security numbers, dates of birth, medical diagnoses, treatment details, health insurance policy numbers, Medicare/Medicaid numbers, financial account numbers, and patient account information. The incident was detected on March 13, 2025, but the full scope was confirmed only after a review completed on August 4, 2025. Notifications to affected individuals and regulatory disclosures (including to the California Attorney General) were issued in October 2025. The breach poses significant risks of identity theft, financial fraud, and medical identity fraud, with potential long-term consequences for victims.
Source: https://www.claimdepot.com/investigations/vibra-hospital-of-sacramento-data-breach-2025
TPRM report: https://www.rankiteo.com/company/vibra-hospital
"id": "vib2194421102725",
"linkid": "vibra-hospital",
"type": "Breach",
"date": "3/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Healthcare',
'location': 'Folsom, California, USA',
'name': 'Vibra Hospital of Sacramento, LLC',
'size': 'Part of Vibra Healthcare (4,000+ employees '
'nationwide, 21+ hospitals across 10 states)',
'type': 'Specialty Critical Care Hospital (Long-Term '
'Acute Care)'}],
'attack_vector': 'Compromised Employee Email Accounts',
'customer_advisories': ['12 months of free TransUnion Cyberscout '
'single-bureau credit monitoring',
'Guidance on monitoring financial accounts and '
'placing fraud alerts',
'Legal assistance recommendations for affected '
'individuals'],
'data_breach': {'data_exfiltration': 'Likely (data accessed and potentially '
'exfiltrated by threat actor)',
'personally_identifiable_information': 'Yes (PII and PHI)',
'sensitivity_of_data': 'High (includes SSNs, medical records, '
'and financial information)',
'type_of_data_compromised': ['Patient name',
'Address',
'Date of birth',
'Social Security number',
'Date of medical service',
'Medical diagnosis information',
'Individual health insurance '
'policy number',
'Physician or medical facility '
'information',
'Medical condition or treatment '
'information',
'Medicare or Medicaid number',
'Patient account number',
'Financial account number']},
'date_detected': '2025-03-13',
'date_publicly_disclosed': '2025-10-03',
'description': 'Vibra Hospital of Sacramento, LLC experienced a data breach '
'where six employee email accounts were accessed by a threat '
'actor between March 12, 2025, and March 22, 2025. The breach '
'compromised personally identifiable information (PII) and '
'protected health information (PHI) of patients, including '
'names, addresses, Social Security numbers, medical diagnoses, '
'and financial account details. The hospital disclosed the '
'incident on October 3, 2025, and notified affected '
'individuals by mail the same day. Credit monitoring services '
'were offered to impacted patients.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'exposure of sensitive patient data',
'data_compromised': ['Personally Identifiable Information (PII)',
'Protected Health Information (PHI)'],
'identity_theft_risk': 'High (due to exposure of SSNs, financial '
'account numbers, and medical information)',
'legal_liabilities': 'Potential lawsuits and compensation claims '
'from affected individuals',
'payment_information_risk': 'High (financial account numbers '
'exposed)',
'systems_affected': ['Employee Email Accounts (6)']},
'initial_access_broker': {'entry_point': 'Compromised employee email accounts '
'(6)',
'high_value_targets': 'Patient PII and PHI'},
'investigation_status': 'Ongoing (as of October 2025, with legal '
'investigations by Shamis & Gentile P.A.)',
'recommendations': ['Enroll in offered credit monitoring services (TransUnion '
'Cyberscout)',
'Monitor financial statements for suspicious activity',
'Place a fraud alert on credit reports',
'Request free annual credit reports from major bureaus',
'Seek legal assistance for potential compensation'],
'references': [{'source': 'Shamis & Gentile P.A. Investigation Notice'},
{'date_accessed': '2025-10-03',
'source': 'Vibra Hospital of Sacramento Data Security '
'Notification'}],
'regulatory_compliance': {'legal_actions': 'Potential lawsuits for '
'compensation (ongoing '
'investigation by Shamis & Gentile '
'P.A.)',
'regulatory_notifications': ['California Attorney '
"General's office "
'(notified on October '
'24, 2025)']},
'response': {'communication_strategy': ['Data security notification published '
'on website',
'Mail notifications to impacted '
'patients',
'Disclosure to California Attorney '
"General's office (October 24, 2025)"],
'incident_response_plan_activated': 'Yes (investigation '
'initiated on or about March '
'13, 2025)',
'remediation_measures': ['Notification to affected individuals '
'(mail, October 3, 2025)',
'Public disclosure via website (October '
'3, 2025)',
'Offer of 12 months of free TransUnion '
'Cyberscout single-bureau credit '
'monitoring']},
'stakeholder_advisories': ["Notification to California Attorney General's "
'office (October 24, 2025)'],
'title': 'Vibra Hospital of Sacramento Data Breach (2025)',
'type': 'Data Breach (Email Account Compromise)'}