Memorial Healthcare Services Data Breach Exposes Patient Portal Personal Information

Healthcare data breach illustration
Breach Discovery: Not Publicly DisclosedBreach Notification: 8th July 2026

What Happened in the Memorial Healthcare Services Data Breach?

Memorial Healthcare Services, a nonprofit healthcare provider serving patients across Southern California, has agreed to settle a class action lawsuit tied to a data breach involving its patient portal website. The Memorial Healthcare Services data breach centers on tracking pixels and other web analytics and advertising tools that were reportedly added to the organization’s website without patient knowledge or consent.

According to the lawsuit, these tracking technologies collected personally identifiable information from website visitors and sent it to third parties. As a result, plaintiffs allege that sensitive health information and personal details were disclosed without proper authorization. The case, Valladolid v. Memorial Health Services, was filed in the Superior Court of California, County of Los Angeles, by plaintiff Michelle Valladolid on behalf of herself and similarly situated individuals.

The lawsuit claims these disclosures violated the California Invasion of Privacy Act. Memorial Healthcare Services has denied any wrongdoing throughout the litigation. However, after weighing the cost of continued litigation and the risks of trial and possible appeals, both sides chose to pursue a settlement instead. Mediation on April 3, 2025 did not immediately produce an agreement, but continued negotiations eventually led to finalized settlement terms.

Who was affected?

The class covers individuals who accessed the Memorial Health Services patient portal between March 7, 2022, and July 8, 2022. Because a patient portal typically requires login credentials, this incident likely affected people who were actively receiving care or managing health information online during that window.

The exact number of affected individuals has not been publicly disclosed. Nonetheless, the use of a patient portal generally suggests the affected population includes current and former patients of Memorial Healthcare Services who interacted with the organization’s digital health services. Given the nature of patient portals, both adults and potentially minors under parental accounts could be part of the class.

What Information Was Potentially Exposed?

The lawsuit alleges that tracking pixels embedded on the Memorial Healthcare Services website captured personal and health-related information as users navigated the patient portal. This data was then reportedly transmitted to third-party advertising and analytics companies without user consent.

  • Personally identifiable information tied to patient portal accounts
  • Health information related to portal activity and usage
  • Website browsing behavior and interaction data collected through pixels

When health-related browsing data ends up in the hands of advertising networks, patients can face unwanted profiling and targeted marketing tied to sensitive medical topics. In addition, this type of exposure can lead to a loss of privacy that patients never agreed to when they simply logged in to check test results or schedule appointments.

Although this incident does not appear to involve Social Security numbers or financial account details, the improper sharing of health information still carries real consequences. For example, patients may be uncomfortable knowing that visits to a healthcare portal could be linked to advertising profiles. This can affect trust in digital health tools moving forward, and it may expose individuals to targeted scams referencing their medical conditions.

What is the company doing?

Memorial Healthcare Services agreed to resolve the litigation through a negotiated settlement rather than proceeding to trial. As part of this resolution, the organization will fund a $750,000 settlement pool to compensate affected class members. Importantly, the settlement does not require Memorial Healthcare Services to admit fault or wrongdoing.

Beyond the monetary fund, the company has agreed to cover attorneys’ fees, settlement administration costs, notification expenses, and a service award for the class representative. These costs will be deducted from the settlement fund before individual payments are calculated. The court has granted preliminary approval of the settlement, and a final fairness hearing is scheduled for September 17, 2026, which will determine whether the settlement receives final court approval.

What Should Affected Individuals Do?

Submit a Claim Before the Deadline

If you accessed the Memorial Health Services patient portal between March 7, 2022, and July 8, 2022, you may be eligible for a payment from this settlement. Claims must be submitted by August 21, 2026, so it is important to act promptly rather than wait until the last minute.

To determine eligibility and file a claim, visit the official settlement website referenced in the court-approved notice. Because payments are distributed pro rata, the exact amount you receive will depend on how many valid claims are submitted overall.

Understand Your Options: Object or Opt Out

Class members who disagree with the settlement terms have the right to object by July 15, 2026. Similarly, if you would rather pursue your own legal claim instead of participating in this settlement, you can opt out by August 21, 2026.

Before deciding, it may help to speak with a data breach attorney for a free case evaluation. An attorney can explain whether opting out and pursuing individual claims might result in a better outcome given your specific circumstances.

Monitor Your Credit Reports Regularly

Even though this incident primarily involved health-related browsing data rather than financial account numbers, it is still wise to monitor your credit reports for unusual activity. Regularly reviewing your reports from the three major credit bureaus can help you catch problems early.

As a result, you should look for unfamiliar accounts, unexpected inquiries, or changes to your personal information. If you notice anything suspicious, report it immediately to the credit bureau and consider placing a fraud alert on your file.

Stay Alert for Phishing and Targeted Scams

Because exposed health information can be used to craft convincing scam messages, affected individuals should remain cautious of unexpected emails, texts, or calls referencing medical services or health conditions. Scammers often use real details to appear legitimate.

Therefore, avoid clicking links or providing personal information in response to unsolicited messages. Instead, contact your healthcare provider directly using a verified phone number if you have questions about your account or medical records.

Review Privacy Settings on Health Portals

Going forward, it is worth reviewing the privacy and cookie settings on any healthcare portals you use. Many patients are unaware of how much tracking technology operates behind the scenes on medical websites.

In addition, consider reading privacy notices before logging in to new health platforms. This simple step can help you understand what data might be collected and shared, and it allows you to make more informed choices about your online health interactions.



Related Data Breaches