Lassen Clinics Data Breach Affects 65,482 Patients

Dignity Health Lassen Medical Clinic, with locations in Red Bluff and Cottonwood, California, recently experienced a significant data breach affecting 65,482 individuals. The breach occurred between September 17 and September 20, 2024, when an unauthorized third party gained access to the clinic's IT network. On December 3, 2024, the clinic confirmed that the unauthorized party had acquired copies of sensitive patient data from its systems.

The breach did not involve direct access to the clinic's Electronic Medical Record (EMR) system. However, files containing confidential patient information were compromised.

The sensitive information exposed in this breach includes:

• Name
• Address
• Date of birth
• Driver’s license number
• Financial account information
• Medical and health insurance information
• Social Security Numbers (for a small number of individuals)

The breach was disclosed to the U.S. Department of Health and Human Services on December 23, 2024. You can view the official disclosure on the HHS Breach Portal.

The breach was the result of a cyberattack that temporarily disabled the clinic’s IT network. While the network was restored the following day, the attackers had already accessed and stolen data. This incident highlights the critical importance of robust cybersecurity measures in protecting sensitive patient information.

Dignity Health Lassen Medical Clinic's response

Upon discovering the breach on September 20, 2024, Dignity Health Lassen Medical Clinic acted quickly to secure its systems and contain the incident. An external forensics vendor was engaged to investigate the breach and assess the extent of the damage. Additional security measures and monitoring tools were implemented to prevent future incidents.

To support affected individuals, the clinic partnered with Kroll, a global leader in risk mitigation, to provide free credit monitoring and identity theft protection services. Additionally, a dedicated call center has been established to assist patients with questions and concerns. Patients can reach the call center at (866) 676-1911, Monday through Friday, from 8:00 a.m. to 5:30 p.m. Central Time, excluding major U.S. holidays.

For more information about protecting yourself after a breach, the clinic recommends reviewing the California Attorney General’s consumer tips.

Affected by the data breach?

If you believe your information may have been exposed in this breach, there are several steps you should take to protect yourself:

1. Enroll in free credit monitoring: Take advantage of the credit monitoring services offered by Kroll. These services can help you detect potential misuse of your information.
2. Monitor your accounts: Regularly review your bank, credit card, and other financial accounts for unauthorized transactions.
3. Check your credit report: Obtain a free copy of your credit report from AnnualCreditReport.com or by calling 1-877-322-8228. Look for any suspicious activity or accounts you don’t recognize.
4. Place a fraud alert: Contact one of the three major credit reporting agencies—Equifax, Experian, or TransUnion—to place a fraud alert on your credit file. This will notify creditors to take extra steps to verify your identity before extending credit.
5. Consider a credit freeze: A credit freeze prevents new credit accounts from being opened in your name without your consent. This is a more robust measure to protect against identity theft.
6. Be vigilant for phishing attempts: Attackers may use stolen information to craft convincing phishing emails or phone calls. Be cautious about sharing additional personal information.

For more detailed guidance on protecting yourself from identity theft, visit the Federal Trade Commission’s identity theft resources.