In an alarming cybersecurity incident affecting healthcare providers, a network of tribal clinics in Northern California has warned patients that a data breach late last year exposed highly sensitive personal and medical information — including Social Security numbers (SSNs) and detailed clinical records.

The affected organization, the MACT Health Board, which operates medical clinics across five California counties — Mariposa, Amador, Alpine, Calaveras, and Tuolumne — serves primarily the local American Indian community. It provides a range of services including primary care, dental treatment, behavioral health support, optometry, and chiropractic care.

According to patient notification letters and cybersecurity reporting, the breach occurred in November 2025 when an unauthorized party gained access to the MACT network and exfiltrated files containing confidential patient information. Although MACT first noticed irregular activity earlier in the month, its investigation determined that files were accessed by threat actors between November 12 and November 20, 2025.

Among the types of sensitive data accessed were:

• Full names of patients
• Social Security numbers
• Medical details such as diagnoses, treatments, test results, and imaging
• Information about doctors and prescriptions
• Insurance coverage and billing records
• Records of care and medical procedures received

The attackers — a ransomware group known as Rhysida — publicly listed MACT Health Board on their data leak site shortly after the incident. As part of their claim of responsibility, they demanded a ransom in Bitcoin (reportedly eight Bitcoin, worth several hundred thousand dollars at the time) and posted sample images of stolen documents purportedly taken from MACT’s systems.

MACT has not independently verified the authenticity of Rhysida’s claim and declined to answer detailed questions about the breach, including how many individuals might be affected. They also did not disclose whether a ransom was paid to the attackers.

The attack severely disrupted clinic operations when it occurred. Starting around November 20, 2025, phone systems, appointment scheduling, prescription orders, and other IT-dependent systems went offline. Some services, like general phone communication, were restored by December 1, but certain specialized imaging services remained unavailable as of late January.

Response and Risk Mitigation

In the wake of the breach, MACT notified patients and is offering eligible victims free identity monitoring services to help detect and respond to potential misuse of their information. Healthcare organizations and cybersecurity experts stress that exposure of Social Security numbers alongside medical data significantly raises the risk of identity theft and fraud.

This incident forms part of a disturbing national pattern in which healthcare providers — from urgent care clinics to large hospital networks — are increasingly targeted by ransomware and data theft attacks, often resulting in large-scale exposures of private health information. According to federal data, breaches involving healthcare records are among the fastest-growing categories of cybersecurity incidents, with millions of patient records exposed each year.

Healthcare entities face unique cybersecurity challenges because of the combination of valuable personal data, interconnected systems, and legacy technology. Ransomware groups often exploit these vulnerabilities, threatening to publish stolen data or lock systems unless victims pay demanding ransoms.

For the patients of MACT Health Board, the fallout from the breach will likely require long-term vigilance over financial accounts, credit reports, and personal identity safeguards.