Watsonville Community Hospital, a 106-bed facility serving California’s central coast with over 650 employees and 300 physicians, suffered a ransomware attack between Nov. 25–29, 2024, executed by the hacker group TERMITE. The breach exposed personally identifiable information (PII) and protected health information (PHI), including names, Social Security numbers, driver’s licenses, medical records (treatment, prescriptions, health insurance), financial data (payment cards, tax IDs), and access credentials. TERMITE claimed to have stolen the hospital’s database, posting sample screenshots on their dark web portal. Affected patients were notified via mail and a public Notice of Data Privacy Incident on Oct. 15, 2025, with the incident reported to the California Attorney General’s office the following day. The breach poses severe risks of identity theft, financial fraud, and medical fraud, prompting the hospital to offer free credit monitoring and legal recourse for victims seeking compensation for damages, emotional distress, and out-of-pocket expenses.
Source: https://www.claimdepot.com/investigations/watsonville-community-hospital-data-breach-2025
TPRM report: https://www.rankiteo.com/company/watsonville-community-hospital
"id": "wat5603156101725",
"linkid": "watsonville-community-hospital",
"type": "Ransomware",
"date": "6/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'industry': 'healthcare',
'location': 'Watsonville, California, USA',
'name': 'Watsonville Community Hospital',
'size': '106 beds, 650+ employees, 300+ physicians',
'type': 'hospital'}],
'customer_advisories': ['Enroll in credit monitoring services',
'Monitor accounts for suspicious activity',
'Consider placing a fraud alert',
'Request credit reports',
'Seek legal help if affected'],
'data_breach': {'data_exfiltration': True,
'file_types_exposed': ['database records'],
'personally_identifiable_information': ['name',
'address',
'date of birth',
'full or partial '
'Social Security '
'number',
"driver's license, "
'state ID, or '
'passport number',
'tax ID number',
'birth certification',
'medical record '
'number',
'clinical or '
'treatment '
'information',
'medical procedure '
'information',
'medical provider '
'name',
'prescription '
'information',
'health insurance '
'information',
'access credentials',
'financial account '
'information',
'payment card '
'information'],
'sensitivity_of_data': 'high',
'type_of_data_compromised': ['PII', 'PHI']},
'date_detected': '2024-11-25',
'date_publicly_disclosed': '2025-10-15',
'description': 'Watsonville Community Hospital, a 106-bed facility serving '
'California’s central coast, experienced a ransomware attack '
'between Nov. 25, 2024, and Nov. 29, 2024, claimed by the '
'group TERMITE. The attack compromised personally identifiable '
'information (PII) and protected health information (PHI) of '
'patients and employees. The hospital began notifying affected '
'individuals on Oct. 15, 2025, and reported the incident to '
'the California Attorney General’s office on Oct. 16, 2025.',
'impact': {'brand_reputation_impact': True,
'data_compromised': True,
'identity_theft_risk': True,
'legal_liabilities': True,
'payment_information_risk': True,
'systems_affected': ['hospital database']},
'initial_access_broker': {'data_sold_on_dark_web': True,
'high_value_targets': ['hospital database']},
'investigation_status': 'ongoing (as of 2025-10-15)',
'motivation': ['financial gain', 'data theft'],
'ransomware': {'data_encryption': True, 'data_exfiltration': True},
'recommendations': ['Enroll in free IDX credit monitoring and identity '
'protection services',
'Monitor financial statements for suspicious activity',
'Place a fraud alert on credit reports',
'Request free annual credit reports from major credit '
'bureaus',
'Seek legal assistance for potential compensation'],
'references': [{'source': 'Shamis & Gentile P.A. Investigation Notice'},
{'date_accessed': '2025-10-15',
'source': 'Watsonville Community Hospital Notice of Data '
'Privacy Incident'}],
'regulatory_compliance': {'legal_actions': ['potential class action lawsuits'],
'regulatory_notifications': ['California Attorney '
'General’s office '
'(reported on '
'2025-10-16)']},
'response': {'communication_strategy': ['mail notifications to affected '
'patients',
'public Notice of Data Privacy '
'Incident on website'],
'incident_response_plan_activated': True,
'third_party_assistance': ['IDX (credit monitoring and identity '
'protection services)']},
'stakeholder_advisories': ['mail notifications to affected patients',
'public notice on hospital website'],
'threat_actor': 'TERMITE',
'title': 'Watsonville Community Hospital Ransomware Attack and Data Breach',
'type': ['ransomware', 'data breach']}