Pacific Pulmonary Breach Exposes Social Security Numbers

Pacific Pulmonary Medical Group recently experienced a data breach that may have exposed sensitive personal information including social security numbers. The breach occurred over two days, on October 21 and October 22, 2024, and involved a third-party software used for scheduling.

The breach was disclosed to the California Attorney General's office on January 3, 2025, and to the Massachusetts Attorney General's office on the same day. According to the disclosure filed with the Massachusetts Attorney General, one individual in the state of Massachusetts was affected. However, the total number of individuals impacted across all states has not been specified.

While the company has stated that there is no evidence of misuse of the exposed data, the nature of the information involved makes this breach potentially serious. Social Security numbers are highly sensitive and can be used for identity theft if they fall into the wrong hands.

For more details, you can view the California Attorney General's disclosure and the Massachusetts Attorney General's disclosure.

Pacific Pulmonary Medical Group's response

Upon discovering the breach, Pacific Pulmonary Medical Group launched an investigation and engaged a national cybersecurity firm to assess the scope and impact of the incident. The company also notified law enforcement to aid in addressing the situation.

To help affected individuals, the company is offering complimentary credit monitoring services through TransUnion. These services include credit monitoring, access to a credit report and credit score, and proactive fraud assistance. The company has emphasized its commitment to improving its systems to prevent similar incidents in the future.

Affected individuals have been provided with a unique code to activate these services and must enroll within 90 days from the date of the notification letter.

Affected by the Pacific Pulmonary Medical Group data breach?

If you believe you may have been affected by this data breach, it is important to take immediate steps to protect yourself. Here’s what you should do:

1. Enroll in the credit monitoring services offered by Pacific Pulmonary Medical Group. Use the unique code provided in your notification letter to activate the services through the link shared in the letter. These services are free and can help you monitor changes to your credit file.
2. Place a fraud alert or security freeze on your credit reports. A fraud alert notifies creditors to take extra steps to verify your identity before opening new accounts. A security freeze restricts access to your credit report, making it harder for identity thieves to open accounts in your name. Contact the three major credit bureaus—Equifax, Experian, and TransUnion—to initiate these measures.
3. Monitor your financial accounts and credit reports. Keep a close eye on your bank statements, credit card activity, and credit reports for any unauthorized transactions or accounts. Report any suspicious activity immediately.
4. Consider obtaining an Identity Protection PIN (IP PIN) from the IRS. An IP PIN adds an extra layer of security to your federal tax filings, preventing someone else from filing a fraudulent tax return using your Social Security number. You can learn more about obtaining an IP PIN on the IRS website.
5. Be cautious of phishing attempts. Scammers may attempt to exploit the situation by sending fraudulent emails or phone calls pretending to be from Pacific Pulmonary Medical Group. Do not share personal information unless you are certain of the source.
6. Review the additional resources provided in the notification letter. The letter contains detailed instructions for placing security freezes, obtaining credit reports, and accessing other resources to safeguard your personal information.