On November 4 and 5, 2023, Dameron Hospital, a non-profit community healthcare provider based in Stockton, California, experienced a significant data breach affecting 210,706 individuals across the United States. The breach resulted in the exposure of both personally identifiable information (PII) and protected health information (PHI), including full names, Social Security numbers, medical records, medical information, and health insurance information. This sensitive data was compromised when unauthorized parties gained access to the hospital’s systems during the breach window.
The incident impacted individuals in multiple states, with 546 affected in Texas and 27 in Massachusetts. Dameron Hospital reported the breach to several authorities: the California Attorney General’s office on April 3, 2025, the Massachusetts Attorney General’s office on April 2, 2025, and the Texas Attorney General’s office on April 3, 2025. The hospital also notified the U.S. Department of Health and Human Services and the Vermont Attorney General’s office.
The breach involved the unauthorized access and potential theft of highly sensitive information, which could put affected individuals at risk for identity theft, insurance fraud, and other malicious activities. The hospital has made the official notice to consumers available on its website for further details.
In response to the breach, Dameron Hospital promptly notified regulatory authorities and began informing affected individuals by U.S. Mail and through a dedicated notice posted on its website. The hospital’s actions are in line with state and federal requirements for data breach notification. While the specific details of the hospital’s internal response and any additional resources offered to affected individuals have not been fully disclosed, those impacted should remain vigilant.
If you believe you may have been affected by this breach, it is important to: