Newport Harbor Pathology Medical Group Data Breach Exposes SSNs

On November 11, 2024, Newport Harbor Pathology Medical Group, Inc. (NHPMG) discovered unauthorized activity within a portion of its computer environment. Upon investigation, the company determined that an unauthorized actor potentially viewed and copied sensitive patient information stored in NHPMG's systems. The breach occurred between October 8, 2024, and November 11, 2024.

The types of information exposed in this breach include personally identifiable information (PII) such as names, Social Security numbers, dates of birth, addresses, driver's license numbers, unique or other government-issued identification numbers, and health insurance information. Additionally, protected health information (PHI) such as medical record numbers, diagnoses, and pathology test results were also potentially compromised.

Currently, NHPMG has not reported any known instances of identity theft or fraud directly related to this incident. However, due to the sensitive nature of the information exposed, affected individuals should remain vigilant and take proactive steps to protect their personal and financial information.

Newport Harbor Pathology Medical Group's response

Upon discovering the unauthorized access, NHPMG immediately initiated an investigation to assess the scope and impact of the breach. The company began notifying potentially impacted individuals on December 6, 2024, and has been conducting a detailed review of records stored in the affected systems to determine precisely what information was affected and to whom it relates.

NHPMG has also notified law enforcement and government regulatory authorities as required. The data breach was officially disclosed to the U.S. Department of Health and Human Services on January 10, 2025, and to the California Attorney General's office on April 14, 2025.

As part of its ongoing commitment to protecting patient information, NHPMG is reviewing and enhancing security protections within its systems. The company encourages affected individuals to closely monitor their financial statements, credit reports, and explanations of benefits for suspicious activity or errors. Individuals can request a free annual credit report from each of the three major credit reporting bureaus—Equifax, Experian, and TransUnion—by visiting AnnualCreditReport.com or calling 1-877-322-8228.

For further guidance on identity theft protection, individuals can contact the Federal Trade Commission (FTC) at IdentityTheft.gov or call 1-877-ID-THEFT (1-877-438-4338).

NHPMG has provided a dedicated call center to answer questions related to this incident. Individuals seeking additional information can call 1-877-640-0302 toll-free, Monday through Friday, from 6:00 AM to 6:00 PM Pacific Time, excluding major U.S. holidays. Alternatively, affected individuals can contact Heather Pepper at 805 W. La Veta Avenue, Ste. 104, Orange, CA 92868.

For more detailed information, please view the company's official Notice of Data Event, the disclosure filed with the California Attorney General's office, or the report submitted to the U.S. Department of Health and Human Services.