Open Door Community Health Centers Data Breach

On January 7, 2026, Open Door Community Health Centers notified patients of a data security incident involving TriZetto Provider Solutions (“TriZetto”), a third‑party data clearinghouse vendor for OCHIN Epic, the operator of Open Door’s electronic health record system. According to the notice, TriZetto discovered on October 2, 2025, that an unauthorized third party had gained access to its network beginning around November 2024. The breach was contained the same day it was discovered, but Open Door immediately began evaluating the incident to understand how patient information may have been affected.

Starting as a single clinic in 1971, Open Door now has 14 locations in California, offering primary and dental care, counselling, pharmacy services, and community support offices, serving about 65,000 patients a year and employing almost 800 members of the community.

Because the breach originated within TriZetto’s systems rather than Open Door’s own environment, the organization’s compliance and privacy team is working closely with TriZetto to ensure patient protection and ongoing monitoring.

TriZetto has launched a full forensic investigation with cybersecurity experts, notified law enforcement, enhanced its internal security protocols, and confirmed that financial account information such as payment card and bank data was not involved in the breach. The company is also offering affected individuals 12 months of complimentary credit monitoring, fraud consultation, identity theft restoration services, and access to a dedicated toll‑free support center beginning February 2026.

What information is involved in the Open Door Community Health Centers Data Breach?

Compromised information may include:

Your Personally Identifiable Information (PII) includes sensitive data that can uniquely identify you. If compromised, it may be used by criminals to commit identity theft, financial fraud, or other forms of impersonation. Protected Health Information (PHI) — a subset of PII — includes medical and insurance‑related details and is protected under federal and state privacy laws. When PHI is exposed, cybercriminals may combine it with other personal data to perpetrate more extensive fraud schemes.

Open Door encourages affected individuals to take protective steps such as placing a fraud alert with one of the major credit bureaus (Experian, Equifax, TransUnion), reviewing financial and insurance statements for suspicious activity, and enrolling in the complimentary credit monitoring service that will be provided by Kroll once enrollment instructions are mailed.  

California residents benefit from additional privacy protections under the California Consumer Privacy Act (CCPA), which provides enhanced rights related to personal data. California also enforces the Confidentiality of Medical Information Act (CMIA), which imposes strict safeguards for medical information.

If you received a NOTICE OF DATA BREACH letter from Open Door Community Health Centers, your personal and/or medical information may be at risk. Identity thieves may use this type of sensitive information to commit fraud, obtain unauthorized services, or engage in other harmful activities.

Contact the Data Breach Lawyers at Emery | Reddy, PC for a Free Case Review today.