Wilmington Community Clinic Suffers Data Breach Exposing PII and PHI
On August 13, 2024, Wilmington Community Clinic, a nonprofit health center in Wilmington, California, detected an unauthorized breach of its computer systems. The incident exposed a mix of personally identifiable information (PII) and protected health information (PHI) belonging to an undisclosed number of individuals.
Following the discovery, the clinic engaged a third-party vendor to conduct a thorough review of the compromised data—a process that took several months due to the volume and complexity of the records. By October 13, 2025, the clinic retained a notice vendor to assist with notifications, call center support, and identity theft protection services, finalizing the list of affected individuals by November 18, 2025.
Exposed data may include names, dates of birth, driver’s license or state ID numbers, health insurance identification numbers, and medical records. The breach heightens risks of identity theft and medical fraud, prompting regulatory disclosure to the California Attorney General’s office on December 11, 2025.
In response, the clinic disconnected affected systems, secured its network with cybersecurity experts, and restored operations under enhanced security measures. To support impacted individuals, it is offering 12 months of complimentary credit monitoring and identity theft restoration services through HaystackID. A dedicated helpline (888-844-1319) has been established for affected parties. The clinic has also posted a breach notice on its website.
Source: https://www.claimdepot.com/data-breach/wilmington-community-clinic-2025
Wilmington Community Clinic cybersecurity rating report: https://www.rankiteo.com/company/wilmington-community-clinic
"id": "WIL1765563827",
"linkid": "wilmington-community-clinic",
"type": "Breach",
"date": "8/2024",
"severity": "100",
"impact": "7",
"explanation": "Attack that could injure or kill people"{'affected_entities': [{'industry': 'Healthcare',
'location': 'Wilmington, California, USA',
'name': 'Wilmington Community Clinic',
'type': 'Nonprofit health center'}],
'customer_advisories': 'Dedicated call center at 888-844-1319 (Monday through '
'Friday, 8:00 a.m. to 11:00 p.m. ET); 12 months of '
'complimentary credit monitoring and identity theft '
'restoration services through HaystackID',
'data_breach': {'personally_identifiable_information': ['Name',
'Date of birth',
'Driver’s license '
'number or state '
'identification '
'number',
'Health insurance '
'identification '
'number',
'Medical information'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally identifiable '
'information (PII)',
'Protected health information '
'(PHI)']},
'date_detected': '2024-08-13',
'date_publicly_disclosed': '2025-12-11',
'description': 'Wilmington Community Clinic, a nonprofit health center in '
'Wilmington, Calif., discovered that its computer systems had '
'been compromised by an unauthorized actor, exposing '
'personally identifiable information (PII) and protected '
'health information (PHI) of an undisclosed number of '
'individuals.',
'impact': {'data_compromised': 'Personally identifiable information (PII) and '
'protected health information (PHI)',
'identity_theft_risk': 'High (risk of identity theft and medical '
'fraud)',
'operational_impact': 'Disrupted operations; systems were '
'disconnected and restored securely',
'systems_affected': 'Computer systems'},
'investigation_status': 'Completed (data review and notifications finalized '
'by Nov. 18, 2025)',
'post_incident_analysis': {'corrective_actions': 'Enhanced security measures '
'to mitigate future risks'},
'recommendations': ['Carefully review any notice or communication from '
'Wilmington Community Clinic or associated businesses',
'Monitor financial accounts and credit reports for signs '
'of identity theft',
'Consider placing fraud alerts or credit freezes with '
'major credit bureaus',
'Be cautious of unsolicited emails or phone calls '
'requesting personal information'],
'references': [{'source': 'Wilmington Community Clinic Data Breach Notice'}],
'regulatory_compliance': {'regulatory_notifications': ['California Attorney '
'General’s office']},
'response': {'communication_strategy': 'Posted notice on website, disclosed '
'event to California Attorney '
'General’s office, set up dedicated '
'call center',
'containment_measures': 'Disconnected all access to its network',
'recovery_measures': 'Restored operations in a safe and secure '
'manner',
'remediation_measures': 'Secured systems, enhanced security '
'measures',
'third_party_assistance': 'Engaged cybersecurity experts, '
'third-party vendor for data review, '
'and notice vendor for notifications '
'and identity theft protection '
'services'},
'threat_actor': 'Unauthorized actor',
'title': 'Wilmington Community Clinic Data Breach',
'type': 'Data Breach'}