Nephrology Associates Notifies Patients of Data Breach

Got story updates? Submit your updates here. ›

Nephrology Associates Medical Group, a California-based nephrology practice, has notified patients of a data security incident that may have exposed protected health information, including names, Social Security numbers, medical records, and insurance details. The incident occurred in May 2025, and the medical group is offering resources and a call center to assist affected patients.

Why it matters

Data breaches in the healthcare industry can have serious consequences for patients, potentially leading to identity theft, financial fraud, and other privacy violations. This incident highlights the ongoing cybersecurity challenges faced by medical providers and the need for robust data protection measures to safeguard sensitive patient information.

The details

According to the announcement, Nephrology Associates identified suspicious activity in its network on or around May 20, 2025 and promptly took steps to secure the environment and launch an investigation. The investigation found that an unknown actor had gained unauthorized access to the network and acquired files containing protected health information. The potentially affected data includes names, Social Security numbers, dates of birth, medical information, insurance details, and billing data.

• Nephrology Associates identified the suspicious activity on or about May 20, 2025.
• The medical group determined the data security incident on December 2, 2025.

What’s next

Nephrology Associates has established a toll-free call center to answer questions about the incident and related concerns. The call center is available Monday through Friday 6:30am to 3:30pm PT and can be reached at (844) 443-1521.