Gay & Lesbian Community Services Center of Orange County, California, a provider of mental health, HIV testing, education and outreach, has identified unauthorized access to its network and the exposure of the personal and protected health information of up to 75,532 individuals. Suspicious network activity was identified on or around December 26, 2025, and third-party cybersecurity experts were engaged to investigate the incident.
They confirmed that there had been unauthorized access to the network from December 25 to December 26, 2025, and files containing sensitive information may have been viewed or acquired. The review of the impacted data was completed on May 6, 2026, when it was confirmed that the following types of information were stored on the compromised parts of the network: full names, dates of birth, Social Security numbers, diagnosis information, prescription information, medical histories and treatment information, medical record numbers, health insurance information, driver’s license numbers, government identification numbers, state identification numbers, passport numbers, taxpayer identification numbers, financial account information, biometric identifiers, financial account information, and payment card information.
The types of information involved varied from individual to individual. Gay & Lesbian Community Services Center of Orange County said it is committed to maintaining the privacy of personal information in its possession and continually evaluates and modifies its security practices to enhance data privacy and security. The affected individuals have been advised to remain vigilant and monitor their account statements and free credit reports for suspicious activity.
The website breach notice makes no mention of free credit monitoring or identity theft protection services. Alta Orthopaedics Alta Orthopaedics, a Santa Barbara, CA-based orthopedics practice with six locations in Santa Barbara, Santa Maria, Solvang, and Oxnard, has started mailing notification letters to patients affected by a recent security incident. On March 10, 2026, the practice identified suspicious activity within its computer network.
The forensic investigation determined that there had been unauthorized access to certain information on its network between February 3, 2026, and February 6, 2026. The review of the exposed files confirmed that they contained personal and protected health information such as names, addresses, phone numbers, Social Security numbers, driver’s license/state ID numbers, birth dates, billing codes, dates of service, reasons for visits, treatment costs, provider names, diagnoses, treatment information, clinical information, treatment location, medical record numbers, patient account numbers, and health insurance information.
The incident was reported to law enforcement, policies and procedures related to data privacy and security have been reviewed, and the affected individuals have been offered complimentary credit monitoring and identity theft protection services. Regulators have been notified; however, the number of affected individuals has yet to be publicly disclosed. Lake Region Healthcare Lake Region Healthcare, a nonprofit rural health system based in Fergus Falls, Minnesota, has notified individuals affected by a recent cybersecurity incident.
Unauthorized access to its network was first identified on May 19, 2025. Law enforcement was notified, and an investigation was launched to determine the nature and scope of the unauthorized activity. No evidence was found to indicate any unauthorized access to electronic medical records; however, files containing patient information may have been viewed or acquired on or around May 19, 2025.
It has taken more than a year to review the affected data. That process was completed on June 5, 2026, when it was confirmed that names were exposed, along with one or more of the following: date of birth, Social Security number, medical record number, patient account number, health insurance information, contact information, medical and/or treatment information, government-issued identification, and/or financial information.
Lake Region Healthcare said it is unaware of any actual or attempted misuse of that data; however, as a precaution, the affected individuals have been offered complimentary identity theft protection services. The scale of the breach has yet to be publicly disclosed, although according to notifications to state attorneys general, 294 Texas residents and 20 Massachusetts residents are among the affected individuals.
The post California Gay & Lesbian Services Center Data Breach Affects 75,500 Individuals appeared first on The HIPAA Journal .
Originally published at hipaajournal.com