Hoag Clinic Data Breach Exposes PHI & PII

In March 2024, Hoag Clinic experienced a significant data breach involving sensitive patient information. The breach occurred through ALN Medical Management ("ALN"), a third-party service provider responsible for revenue cycle and billing services for Hoag Clinic.

ALN first identified suspicious activity within certain systems hosted by their third-party provider. After isolating the impacted environment, ALN launched an investigation to determine the nature and scope of the unauthorized access.

The investigation revealed that between March 18 and March 24, 2024, an unauthorized actor accessed and removed certain files and folders hosted by ALN's third-party provider. Although ALN's internal systems were not compromised, the affected files contained sensitive personal and medical information belonging to Hoag Clinic patients and other ALN client entities.

After an extensive manual and programmatic review of the compromised data, ALN determined that the breach exposed personally identifiable information (PII) and protected health information (PHI).

The types of consumer information exposed included names, dates of birth, driver's license numbers, Social Security numbers, taxpayer identification numbers, mother's maiden names, financial account information, payment card details, health insurance information, and medical information.

Notifications to affected individuals began on March 21, 2025, and ALN continues to coordinate notifications with its impacted clients, including Hoag Clinic.

Hoag Clinic's response

To support individuals potentially affected by this breach, ALN is offering complimentary credit monitoring and identity theft protection services for 24 months through IDX. Individuals affected by the breach are strongly encouraged to enroll in these services promptly. Enrollment details and instructions are available on the dedicated ALN IDX response website. The deadline for enrollment is June 21, 2025.

Affected individuals are advised to remain vigilant against identity theft and fraud by regularly reviewing their financial account statements, explanation of benefits from health insurers, and monitoring their free annual credit reports. Consumers can obtain their free annual credit reports from AnnualCreditReport.com. Additionally, individuals may consider placing a fraud alert or credit freeze on their credit files by contacting the major credit reporting bureaus: Equifax, Experian, and TransUnion.

For further information or assistance regarding this incident, affected individuals can contact ALN's dedicated assistance line at 1-877-720-6166, available Monday through Friday, 9:00 a.m. to 9:00 p.m. Eastern Time, excluding U.S. holidays.

For more information about Hoag Clinic, visit their official website at Hoag.org.