Cyber Incident Victim: San Diego American Indian Health Center

On May 5, 2022, the San Diego American Indian Health Center (SDAIHC) identified a cybersecurity attack affecting its digital network, prompting immediate containment measures. The organization engaged external cybersecurity experts to investigate the breach, which revealed unauthorized access and data exfiltration by an unknown actor. The compromised information included personal and protected health data such as names, addresses, Social Security numbers, driver’s licenses, tribal identification numbers, passport numbers, medical records, health insurance details, and dates of birth. SDAIHC notified the Federal Bureau of Investigation and pledged cooperation with law enforcement efforts to identify the perpetrators. No evidence of data misuse was detected at any stage of the investigation. The organization reinforced its network security protocols to prevent recurrence but did not disclose technical specifics of the attack vector or the duration of unauthorized access prior to detection.

SDAIHC initiated a phased notification process beginning with a substitute public notice on August 15, 2022, followed by direct mailings to individuals with verified addresses after completing data analysis on October 14, 2022. A final notification round occurred on November 10, 2022, detailing the incident and offering complimentary credit monitoring and identity protection services through IDX. The organization established a toll-free call center operational on weekdays from 6:00 am to 6:00 pm Pacific Time and launched a dedicated informational website. Impacted individuals were advised to monitor financial accounts, review credit reports via annualcreditreport.com, and consider fraud alerts or security freezes through major credit bureaus. SDAIHC emphasized its regret over the incident but did not disclose the number of affected individuals, operational disruptions, or financial repercussions stemming from the breach.