California & Washington Healthcare Providers Announce Data Breaches
Data breaches have been announced by Family Health Centers of San Diego, Totem Lake Family Dentistry, and Glendora Surgery Center.
Family Health Centers of San Diego
Family Health Centers of San Diego is sending notification letters to patients about an insider breach of their protected health information. According to the breach notification sent to the California Attorney General, Family Health Centers of San Diego discovered that one of its physicians had sent the personal and protected health information of certain patients to their personal email addresses, in violation of HIPAA and hospital policies.
The investigation confirmed that names, dates of birth, contact information, medical record numbers, and medical information had been emailed to the physician’s account. Family Health Centers of San Diego shut down the physician’s access to patient records, terminated the physician’s employment, and initiated legal action to compel the physician to destroy the emailed information. The physician has also been reported to the Medical Board of California. Family Health Centers of San Diego has offered the affected individuals a complimentary membership to a credit monitoring service for 12 months. The incident is not yet shown on the HHS’ Office for Civil Rights website, so it is unclear how many individuals have been affected.
Totem Lake Family Dentistry
Totem Lake Family Dentistry, a Kirkland, WA-based family dental practice, has notified the HHS’ Office for Civil Rights about a breach of the protected health information of 3,464 patients. According to the notification letters, suspicious activity was identified within an employee’s email account. The investigation confirmed unauthorized access to the account between May 28, 2025, and June 2, 2025. During that time, information in the account may have been viewed or copied. It has taken 11 months to review the contents of the account and mail notification letters to the affected individuals. At the time of issuing notification letters, Totem Lake Family Dentistry was unaware of any attempted or actual misuse of patient data. Credit monitoring and identity theft protection services do not appear to have been offered.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Glendora Surgery Center
Glendora Surgery Center in California has alerted patients about a data security incident that was first identified on December 3, 2025. The forensic investigation confirmed unauthorized access to its network between November 29, 2025, and December 3, 2025. During that time, files containing patient information were exfiltrated from its network. Data compromised in the incident included patient names and medical treatment information.
While data was stolen, Glendora Surgery Center is unaware of any actual or attempted misuse of that information. In response, data privacy and security policies and procedures have been reviewed, administrative and technical controls have been enhanced, and additional security training has been provided to the workforce. The HHS’ Office for Civil Rights has been notified, and a placeholder estimate of at least 501 individuals has been used. The data review is ongoing, and the total will be updated when the data review is concluded.
