North Los Angeles County Regional Center Data Breach Exposes Social Security Numbers and Medical Records

Healthcare data breach illustration
Breach Discovery: 28th November 2024Breach Notification: 6th January 2025

What Happened in the North Los Angeles County Regional Center Data Breach?

The North Los Angeles County Regional Center data breach involved a ransomware attack that led to the theft of highly sensitive personal and medical information. The organization first identified suspicious activity within its computer network on November 28, 2024. As a result, it moved quickly to launch a forensic investigation into what had happened.

That investigation confirmed unauthorized access to the network occurred between November 20, 2024, and December 1, 2024. During this window, attackers exfiltrated sensitive files before deploying ransomware to encrypt systems. In other words, the theft of data happened first, followed by the encryption attack itself.

The Medusa ransomware group later claimed responsibility for the attack. According to the group’s own claims, more than 600 gigabytes of data was stolen from North Los Angeles County Regional Center’s systems. Because the volume of exfiltrated data was so large, reviewing it to determine exactly whose information was involved took considerable time.

North Los Angeles County Regional Center first posted a notice about the incident on its website on January 6, 2025. This early notice allowed individuals to begin protecting themselves even before the full scope of the breach was known. However, it then took an additional 17 months to complete the detailed data review needed before mailing individual notification letters.

Who was affected?

North Los Angeles County Regional Center provides services to individuals with developmental disabilities, meaning many of those affected are likely clients who received care coordination or support services through the organization. Because the center also maintains employment and administrative records, employees could also be among those impacted.

The exact number of affected individuals has not been publicly disclosed. The breach is currently listed on the HHS Office for Civil Rights portal as affecting 500 individuals, but this figure was described as a placeholder submitted before the investigation concluded. As a result, the final total is expected to be updated soon.

Given the sensitive nature of the services this organization provides, the affected population may include vulnerable individuals who depend on ongoing care coordination. This makes prompt protective action especially important. In addition, because both client and possibly employee data were involved, the scope of impact could span multiple categories of individuals.

What Information Was Potentially Exposed?

The data stolen in this breach covers an unusually broad range of categories. Because the exfiltrated files included both identity documents and detailed medical records, the potential for harm is significant.

  • Names, addresses, and dates of birth
  • Telephone numbers and email addresses
  • Social Security numbers
  • Passport numbers
  • Driver’s license or other state-issued ID numbers
  • U.S. federal issued ID numbers
  • Usernames and passwords
  • Financial account information
  • Payment card information
  • Health plan information
  • CI and patient ID numbers
  • Medical record numbers
  • Lab results and medications
  • Physical and/or mental health conditions
  • Diagnosis and treatment information
  • Prescription information
  • Treatment cost information
  • Disability codes and certificate/license numbers

Because Social Security numbers and government ID numbers were exposed together, affected individuals face a heightened risk of identity theft. Criminals could use this combination of data to open new credit accounts, file fraudulent tax returns, or apply for loans in someone else’s name. This type of fraud can be difficult to detect quickly, especially for individuals who don’t regularly check their credit reports.

The exposure of detailed medical and health insurance information adds another layer of risk. For example, stolen health plan information could be used to commit medical identity theft, where a criminal receives treatment or files claims using someone else’s identity. This can lead to incorrect information appearing in a victim’s medical records, which may affect future care and insurance coverage.

What is the company doing?

North Los Angeles County Regional Center responded to the attack by implementing additional technical security measures shortly after the intrusion was discovered. This included steps meant to prevent similar unauthorized access from happening again. The organization also worked with outside data security experts to review and strengthen its systems.

In addition to these technical improvements, the organization continued working with forensic specialists over many months to determine precisely whose data was affected and what categories of information were involved. Once this review was complete, North Los Angeles County Regional Center began mailing individual notification letters to affected individuals. This detailed review process, while lengthy, was intended to ensure that notifications accurately reflected each person’s specific exposure.

What Should Affected Individuals Do?

Monitor Your Credit Reports

Affected individuals should regularly check their credit reports for unfamiliar accounts or inquiries. Because Social Security numbers were exposed, this breach creates real potential for new-account fraud. Reviewing your credit report closely can help you catch suspicious activity early.

You can request free credit reports from the three major credit bureaus. Checking reports from all three, rather than just one, gives a more complete picture. If you notice anything unusual, report it right away to the credit bureau and consider contacting a data breach attorney for guidance.

Consider a Credit Freeze or Fraud Alert

Given that Social Security numbers, passport numbers, and driver’s license numbers were all exposed, placing a credit freeze is a strong protective step. A freeze restricts access to your credit file, making it much harder for identity thieves to open new accounts in your name.

Alternatively, a fraud alert requires lenders to take extra steps to verify your identity before extending credit. Both options are free to set up. Because this breach involved such a comprehensive set of identity documents, many affected individuals may find a credit freeze offers the strongest protection.

Protect Against Medical Identity Theft

Because health plan information, medical record numbers, and treatment details were exposed, affected individuals should watch for signs of medical identity theft. This includes reviewing insurance statements, called explanation of benefits notices, for services you did not receive.

If you notice unfamiliar charges or claims, contact your health insurance provider immediately. In addition, request a copy of your medical records periodically to check for inaccuracies that could result from someone else using your identity for treatment.

Stay Alert for Phishing Attempts

Because names, email addresses, and phone numbers were exposed, affected individuals may become targets of phishing scams. Scammers often use breached personal details to make fraudulent messages appear more convincing.

Therefore, be cautious of unexpected emails, texts, or calls asking for personal or financial information. Avoid clicking links from unknown senders, and instead contact organizations directly using verified phone numbers or websites if you’re unsure about a message’s legitimacy.

Consult a Data Breach Attorney

Given the scope and sensitivity of the data involved, affected individuals may want to speak with a data breach attorney about their legal options. An attorney can help determine whether you qualify for compensation related to this incident.

Because deadlines for filing claims can vary, it’s wise to seek a consultation sooner rather than later. Many attorneys offer free case evaluations, making this a low-risk way to understand your rights.



More Information

Official data breach notification from Washington State Attorney General

Related Data Breaches