San Andreas Regional Center Data Breach

NOTICE: If you received a NOTICE OF DATA BREACH letter from San Andreas Regional Center, contact the Arnold Law Firm at (916) 777-7777 to discuss your legal options, or submit a confidential Case Evaluation form here.

Stock image of a ransomware attackOn July 3, 2021, San Andreas Regional Center (“SARC”) experienced a data breach where an unauthorized third party gained access to SARC’s networks and servers where sensitive patient and employee data was stored. The criminals then demanded a ransom. This type of breach is called a ransomware attack.

On August 3, 2021, SARC concluded its initial investigation and determined that the incident involved the personal and protected health information of its patients and employees. It is expected that SARC will send out approximately 57,224 letters to impacted persons. If you received a letter you should sign up for identity monitoring as soon as possible.

On August 25, 2021, SARC reported the incident to the California Attorney General’s office.

NOTICE: If you received a NOTICE OF DATA BREACH from San Andreas Regional Center, contact the Arnold Law Firm at (916) 777-7777 to discuss your legal options, or submit a confidential Case Evaluation request form here.

WHAT INFORMATION IS INVOLVED?

San Andreas Regional Center started to send out two types of notices to its patients and employees notifying them of the data breach. Collectively, the letters include the following information:

  • First and last names
  • Addresses
  • Telephone numbers
  • Social Security numbers
  • Dates of birth
  • Email addresses
  • Health plan beneficiary information
  • Driver’s license numbers
  • State Identification Numbers
  • Passport Numbers
  • Financial Account Information
  • Health insurance information
  • Full face photos/comparable images
  • Unique identifying numbers/codes
  • Medical information
  • Diagnosis
  • Disability codes
  • Other certificate/license numbers

This information is called your Personally Identifiable Information (“PII”) or Protected Health Information (“PHI”). It tells others about you and is considered part of your identity. Businesses are required to secure this information or risk facing statutory penalties, among other legal penalties. Stolen PII/PHI can be used by identity thieves to engage in fraudulent activity using your identity.

San Andreas Regional Center is a California-based non-profit healthcare provider serving patients and their families who reside within Monterey, San Benito, Santa Clara, and Santa Cruz counties.

NOTICE: If you received a NOTICE OF DATA BREACH from San Andreas Regional Center, contact the Arnold Law Firm at (916) 777-7777 to discuss your legal options, or submit a confidential Case Evaluation request form here.