Centric Health HIPAA Breach Exposes 6,855 Patient Records in CA
Centric Health, a California-based healthcare provider, has reported a significant HIPAA data breach to the Department of Health and Human Services (HHS), affecting 6,855 patients. The incident, which involved both electronic medical records and network servers, was officially reported on December 10, 2025, and has been added to the HHS Wall of Shame.
This latest breach highlights the ongoing cybersecurity challenges facing healthcare organizations and underscores the critical importance of robust data protection measures in medical settings.
What Happened
Centric Health experienced a hacking/IT incident that compromised both their electronic medical record (EMR) system and network servers. The breach represents a combined attack on multiple critical healthcare IT infrastructure components, suggesting a sophisticated cyber intrusion.
While specific details about the attack methodology haven't been publicly disclosed, the dual compromise of EMR systems and network servers indicates that cybercriminals gained significant access to Centric Health's IT environment. This type of multi-vector breach often results from advanced persistent threats or coordinated cyberattacks targeting healthcare organizations.
The incident was reported to HHS on December 10, 2025, in compliance with HIPAA breach notification requirements. Under federal law, healthcare entities must report breaches affecting 500 or more individuals to HHS within 60 days of discovery.
Who Is Affected
The breach impacted 6,855 patients who received care from Centric Health. All affected individuals are located in California, where the healthcare provider operates.
Patients whose information may have been compromised should receive direct notification from Centric Health within 60 days of the breach discovery, as required by HIPAA regulations. This notification will include specific details about what information was accessed and steps patients can take to protect themselves.
Breach Details
The Centric Health incident involved unauthorized access to:
- Electronic Medical Records (EMR): Patient health information stored in digital format
- Network Servers: Infrastructure supporting the healthcare provider's IT operations
This combination suggests that cybercriminals may have accessed a wide range of sensitive information, potentially including:
- Patient names and contact information
- Social Security numbers
- Medical record numbers
- Health insurance information
- Medical diagnoses and treatment records
- Prescription information
- Financial account details
The fact that both EMR systems and network servers were compromised indicates a significant security incident that likely required substantial remediation efforts.
What This Means for Patients
For the 6,855 affected patients, this breach poses several potential risks:
Identity Theft: Personal information like names, addresses, and Social Security numbers can be used to open fraudulent accounts or file false tax returns.
Medical Identity Theft: Criminals may use stolen health information to obtain medical services, prescription drugs, or file fraudulent insurance claims.
Financial Fraud: If payment information was compromised, patients face risks of unauthorized charges or account takeovers.
Privacy Violations: Sensitive medical information could be exposed or misused, potentially causing personal embarrassment or discrimination.
Patients should remain vigilant for signs of identity theft or medical fraud and take proactive steps to protect their information.
How to Protect Yourself
If you're a Centric Health patient potentially affected by this breach, consider taking these protective measures:
Monitor Your Accounts: Regularly check bank statements, credit card bills, and insurance statements for unauthorized activity.
Review Credit Reports: Obtain free annual credit reports from all three major bureaus and look for suspicious accounts or inquiries.
Consider Credit Freezes: Place security freezes on your credit files to prevent new accounts from being opened without your knowledge.
Watch Medical Records: Review explanation of benefits statements from your insurance company for services you didn't receive.
Stay Alert for Scams: Be cautious of phishing emails or phone calls claiming to be related to the breach.
Update Passwords: Change passwords for any online accounts related to healthcare or insurance.
Document Everything: Keep records of all communications related to the breach and any protective actions you take.
Prevention Lessons for Healthcare Providers
The Centric Health incident offers important lessons for healthcare organizations:
Multi-Layered Security: Implement comprehensive cybersecurity measures including firewalls, intrusion detection systems, and endpoint protection.
Regular Security Assessments: Conduct frequent vulnerability scans and penetration testing to identify weaknesses before criminals do.
Employee Training: Provide ongoing cybersecurity awareness training to help staff recognize and avoid phishing attempts and other social engineering tactics.
Access Controls: Implement strict user access controls and regularly audit who has access to sensitive systems and data.
Incident Response Planning: Develop and regularly test incident response procedures to ensure rapid detection and containment of breaches.
Network Segmentation: Isolate critical systems like EMRs from general network traffic to limit the spread of potential intrusions.
Regular Backups: Maintain secure, regularly tested backups to ensure business continuity in case of ransomware or other destructive attacks.
The healthcare sector continues to be a prime target for cybercriminals due to the high value of medical information. Organizations must invest in robust cybersecurity measures and maintain constant vigilance to protect patient data.