Stockton Cardiology Medical Group Reports Data Breach Following Phishing Incident

Stockton Cardiology Medical Group, an healthcare practice in California, reports a data breach on March 9, 2026. The incident involved breach of the organization's network and theft and public disclosure of sensitive patient and business files. 

The attack began on December 15, 2025, when several employees received suspicious phishing emails. The organization initially identified and deleted these emails, but an attacker successfully used the phishing to gain access to internal systems. The investigation suggests the attacker moved through the network to access and steal files maintained for business operations and patient care. By February 17, 2026, the practice learned that a portion of the stolen data had been published online.

The compromised data includes:

• Patient full names
• Mailing addresses
• Email addresses
• Billing records
• Limited medical information related to services
• Internal company business records

The number of affected individuals is not disclosed. Stockton Cardiology hired an independent security firm to lead the forensic investigation and system restoration. The organization enforced multi-factor authentication (MFA) on internal systems, performed a global password reset, and revised its data retention policies to reduce the volume of stored files. 

Affected individuals are receiving one year of complimentary credit monitoring and identity restoration services.