High Severity (Score: 6/10)

Share Ourselves HIPAA Breach: 2,864 Patients Affected in CA Hack

Breach Details

Entity: Share Ourselves
Individuals Affected: 2,864
State: CA
Breach Type: Hacking/IT Incident
Location: Network Server
Date Reported: December 26, 2025
Entity Type: Healthcare Provider
Business Associate: No

Share Ourselves HIPAA Breach: 2,864 Patients Affected in California Network Server Attack

A cybersecurity incident at Share Ourselves, a California-based nonprofit healthcare provider, has compromised the protected health information (PHI) of 2,864 individuals. The breach, reported to the Department of Health and Human Services on December 26, 2025, represents yet another stark reminder of the persistent cybersecurity threats facing healthcare organizations nationwide.

What Happened

Share Ourselves, a healthcare provider operating in California, experienced a significant network server breach that exposed sensitive patient information. The incident has been classified as a hacking/IT incident, indicating that cybercriminals gained unauthorized access to the organization's network infrastructure.

The breach targeted the organization's network server, which likely contained a substantial amount of patient data essential for daily healthcare operations. While specific details about the attack methodology haven't been disclosed, network server breaches typically involve sophisticated cybercriminals exploiting vulnerabilities in an organization's IT infrastructure to gain unauthorized access to sensitive data.

The timing of the breach report, coming just after the holiday season, underscores how cybercriminals often target healthcare organizations during periods when IT staff may be reduced or when security monitoring might be less intensive.

Who Is Affected

The breach has impacted 2,864 individuals who received services from Share Ourselves. As a nonprofit healthcare provider, Share Ourselves likely serves vulnerable populations who may depend on their services for essential healthcare needs.

Patients affected by this breach may have had various types of protected health information compromised, potentially including:

  • Personal identifiers (names, addresses, phone numbers)
  • Medical record numbers
  • Health insurance information
  • Treatment records and medical histories
  • Social Security numbers
  • Financial information related to healthcare services

The exact scope of information compromised has not been fully detailed in the initial breach notification, but patients should assume that any information stored on the affected network server may have been accessed by unauthorized individuals.

Breach Details

This incident represents a hacking/IT incident specifically targeting Share Ourselves' network server infrastructure. Network server breaches are among the most serious types of healthcare data breaches because servers often contain centralized databases with extensive patient information.

The breach location being identified as a "Network Server" suggests that the attackers gained access to core IT infrastructure rather than individual workstations or portable devices. This type of breach can be particularly damaging because network servers typically house comprehensive patient databases, electronic health records, and administrative systems.

Cybercriminals targeting healthcare providers often use various attack vectors, including:

  • Ransomware attacks that encrypt critical data
  • Phishing campaigns targeting healthcare staff
  • Exploitation of unpatched software vulnerabilities
  • Advanced persistent threats (APTs) for long-term data extraction

The classification as a hacking incident indicates that this was not an accidental disclosure or improper disposal of records, but rather a deliberate cyberattack designed to gain unauthorized access to patient information.

What This Means for Patients

Patients whose information was compromised in the Share Ourselves breach face several potential risks and should take immediate protective action. The exposure of protected health information can lead to:

Identity Theft: Cybercriminals may use personal information to open fraudulent accounts, file false tax returns, or commit other forms of identity fraud.

Medical Identity Theft: Attackers could use health insurance information to obtain medical services, potentially affecting victims' medical records and insurance coverage.

Financial Fraud: If payment information was compromised, patients may face unauthorized charges or account compromises.

Privacy Violations: The exposure of sensitive medical information represents a significant invasion of privacy that could have lasting personal and professional consequences.

Affected patients should receive direct notification from Share Ourselves within 60 days of the breach discovery, as required by HIPAA regulations. This notification should include specific details about what information was compromised and what steps the organization is taking to address the incident.

How to Protect Yourself

If you are a patient of Share Ourselves or believe your information may have been compromised, take these immediate steps:

Monitor Financial Accounts: Regularly review bank statements, credit card bills, and explanation of benefits statements for unauthorized activity.

Credit Monitoring: Consider placing a fraud alert on your credit reports and monitor your credit reports for suspicious activity. You may be entitled to free credit monitoring services from Share Ourselves.

Medical Records Review: Request copies of your medical records and review them for any services or treatments you didn't receive.

Insurance Vigilance: Monitor your health insurance statements for unauthorized claims or services.

Document Everything: Keep records of all communications related to the breach and any suspicious activity you discover.

Identity Theft Protection: Consider enrolling in identity theft protection services, especially if Social Security numbers were compromised.

Prevention Lessons for Healthcare Providers

The Share Ourselves breach highlights critical cybersecurity challenges facing healthcare organizations, particularly smaller providers and nonprofits that may have limited IT security resources.

Network Security: Implementing robust network segmentation, intrusion detection systems, and continuous monitoring can help detect and prevent unauthorized access to sensitive systems.

Employee Training: Regular cybersecurity awareness training helps staff recognize and report potential threats like phishing emails or suspicious network activity.

Incident Response Planning: Having a comprehensive incident response plan enables organizations to respond quickly to breaches, minimize damage, and ensure proper notification procedures.

Regular Security Assessments: Conducting periodic vulnerability assessments and penetration testing can identify and address security weaknesses before they're exploited.

Data Encryption: Encrypting sensitive data both in transit and at rest provides an additional layer of protection even if systems are compromised.

The healthcare industry continues to be a prime target for cybercriminals due to the valuable nature of medical information and the critical importance of maintaining system availability. Organizations must prioritize cybersecurity investments and maintain vigilant security practices to protect patient information.

Source: This breach was reported to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) Breach Portal. Data sourced from ocrportal.hhs.gov. Analysis and article generated by HIPAA Agent.
