Providence Data Breach Lawsuit Investigation

Written By Valeria Linares

Patients across the Providence health network have been alerted to a data-sharing incident involving the organization’s Health Information Exchange (HIE). If you received a breach notice dated April 9, 2026, you may have legal options to seek compensation and additional protections. Contact our team for a free, confidential case evaluation today.

Submit Claim
Submit Claim

At a Glance

  • Breach window: August 30, 2024 – December 8, 2025

  • Discovery date: February 11, 2026

  • Consumer notification sent: April 9, 2026

  • Free 12-month identity protection through IDX offered; enrollment deadline July 9, 2026

  • Social Security numbers not involved

Data breach Notice
Data breach Notice

What Happened

Providence Health & Services (Providence) learned on February 11, 2026 that certain participants in a Health Information Exchange connected via Health Gorilla and the Epic electronic health record system may have accessed or shared patient information without a defined business need. The exchange activity in question occurred between August 30, 2024 and December 8, 2025. Providence states there is no indication that its medical record systems were hacked or that data was stolen by external threat actors; however, the unauthorized sharing potentially exposed sensitive patient details.

Information Exposed

The following data elements may have been accessed:

  • Full name

  • Date of birth

  • Address and phone number

  • Insurance policy number

  • Emergency contact information

  • Dates & places of service

  • Test results, diagnoses, medications, and other clinical records

Providence confirms that no Social Security numbers were included in the exchanged files.

Providence’s Response

The organization reports that it is:

  • Reviewing how the data-sharing service was used

  • Working with technology partners, including Health Gorilla, to understand the scope of the issue

  • Implementing additional safeguards to protect patient information

Free Identity Protection for Patients

Because your data may have been compromised, Providence is offering complimentary identity protection services through IDX for one year. To enroll, visit app.idx.us/account-creation/protect or call 1-888-202-1558 and provide the enrollment code from your notice letter. Service hours are Monday–Friday, 6 a.m. – 6 p.m. PT. The enrollment deadline is July 9, 2026.

Recommended Next Steps for Affected Patients

  1. Enroll in the free IDX protection before the July 9, 2026 deadline.

  2. Monitor explanation-of-benefits statements and provider portals for unfamiliar activity.

  3. Review credit reports and consider placing a fraud alert with major credit bureaus.

  4. Retain all breach-related correspondence for your records.

  5. Discuss your legal rights by requesting a no-cost consultation.

Incident Timeline

  • Aug 30 2024 – Dec 08 2025: Data exchanged through HIE

  • Feb 11 2026: Providence notified of potential unauthorized access

  • Apr 09 2026: Consumer notification letters mailed

  • Jul 09 2026: Deadline to enroll in IDX services

Company Overview

Providence is a not-for-profit Catholic health system operating hospitals and clinics across the United States.

Sources

Impacted Entities

Frequently Asked Questions

I received a data breach letter from Providence — what should I do?

Enroll in the free IDX identity protection service by July 9, 2026, monitor your medical and insurance records, and consider speaking with a data-breach attorney about your rights.

How do I submit a claim related to the Providence data breach?

Complete our secure intake form or call the number on this page for a free evaluation. Our team will explain eligibility and next steps at no cost.

What information did the Providence breach expose?

Potentially exposed details include your name, date of birth, contact information, insurance policy number, and clinical data such as test results, diagnoses, and medications.

Did Providence offer credit or identity monitoring?

Yes. Providence is providing one year of complimentary identity-protection services through IDX.

How many people were affected by the Providence breach?

Providence has not publicly released the total number of impacted patients as of the latest update on April 17, 2026.

How can I get the official breach notice (PDF) for Providence?

You can download it directly from the California Attorney General’s website using the button above in this article.

Attorney Advertising. Prior results do not guarantee a similar outcome.

Valeria Linares
Next

Markowitz Ringel Trusty & Hartog Data Breach Lawsuit Investigation