Petaluma Health Center Data Breach

On or about December 15, 2025, Petaluma Health Center was notified of a data security incident involving TriZetto, a third‑party company that works with its electronic medical record system provider, OCHIN. According to the notice, an unauthorized individual gained access to one of TriZetto’s systems, prompting TriZetto to take immediate steps to stop the unauthorized activity and secure its systems.

After learning that the incident may have impacted some patients, Petaluma Health Center began working closely with OCHIN to better understand the scope of the breach and to ensure that appropriate safeguards were in place to protect patient information.

Notification letters were sent to affected patients after Petaluma Health Center confirmed that certain patient data may have been involved in the incident. TriZetto indicated that additional updates may be provided as more information becomes available.

Petaluma Health Center is a non-profit, Federally Qualified Health Center (FQHC) founded in 1996, providing medical care to patients in California and relies on third‑party vendors for electronic medical record and related services.

The incident occurred outside of Petaluma Health Center’s internal systems, at a vendor used by OCHIN.

Following the breach, Petaluma Health Center stated it is reviewing its own internal processes and continuing to work with OCHIN to monitor vendor compliance with appropriate security safeguards.

If you received a data breach notification letter from Petaluma Health Center, it confirms that your personal information may have been involved in the TriZetto security incident.

What information is involved in the Petaluma Health Center Data Breach?

Compromised information may include:

Your Personally Identifiable Information (PII) includes data that can be used to identify you, such as your name, contact details, and Social Security number. Healthcare providers and their vendors are legally required to safeguard this information. When they fail to do so, sensitive data may be exposed to unauthorized parties.

A significant portion of the compromised data in this incident may qualify as Protected Health Information (PHI). PHI is protected under federal and state laws and includes medical, insurance, and treatment‑related information. When PHI is exposed in a data breach, it can be used to commit medical identity theft, insurance fraud, and other related crimes.

If your data has been exposed in a healthcare data breach, one of the most important steps you can take is to closely monitor medical bills, insurance statements, and financial accounts and follow any additional instructions provided by TriZetto or its vendor, Kroll, regarding identity theft protection services.

Residents of California benefit from enhanced privacy protections under the California Consumer Privacy Act (CCPA), as well as additional medical privacy safeguards. California patients may have legal rights when healthcare providers or their vendors fail to adequately protect sensitive medical information.

If you received an Important Notice of Security Incident and Breach of Personal Information letter related to Petaluma Health Center and the TriZetto breach, your personal, financial, and medical information may be at risk.

Contact the Data Breach Lawyers at Emery | Reddy, PC for a Free Case Review today.