PIH Health Ransomware Attack and Data Breach
Learn More
PIH Health, a nonprofit healthcare network based in California, reports a major data breach following a ransomware attack that occurred between November 14 and December 2, 2024.
The organization discovered unusual activity on its network on December 1, 2024, which led to the shutdown of digital infrastructure across its three hospitals and numerous outpatient clinics. The incident forced medical staff at PIH Health Whittier, PIH Health Downey, and PIH Health Good Samaritan Hospital to revert to manual downtime procedures, recording patient data on paper charts and issuing handwritten prescriptions.
A threat actor known as "Dreamer2000" claimed responsibility for the incident on December 13, 2024, asserting they exfiltrated a massive volume of sensitive data before encrypting internal systems.
The threat actor claims to have exfiltrated approximately 2 terabytes of data, including 17 million patient records. According to the hacker's claims and subsequent investigation, the compromised data includes:
- Full names and home addresses
- Social Security numbers
- Cancer patient treatment records
- Laboratory test results and clinical diagnoses
- Private emails regarding medical treatments
- Employee confidentiality and nondisclosure agreements
- Account metadata and last login timestamps
The number of affected individuals is not disclosed.
The breach was officially reported to the California Attorney General on February 27, 2026, following a lengthy forensic investigation. The healthcare provider is offering affected individuals complimentary identity protection services including credit monitoring, identity restoration support, and up to $1 million in identity theft insurance.
