Sea Mar Community Health Centers

Sea Mar Community Health Centers operates as a network of community health clinics that delivers primary medical, dental, and behavioral health services to patients across its locations. The organization emphasizes providing accessible care to individuals who may encounter barriers such as low income, lack of insurance, or geographic isolation, aligning with the broader mission of community health providers to reduce disparities in health outcomes. Its clinics are situated in multiple sites throughout the United States, with the organization’s headquarters based in the United States of America. As a handler of protected health information, Sea Mar is subject to federal privacy regulations including the Health Insurance Portability and Accountability Act (HIPAA), which governs the safeguarding of patient data. The organization’s service model integrates preventive care, chronic disease management, and urgent care components within its primary care offerings, while its dental and behavioral health divisions aim to address oral health needs and mental‑well‑being concerns respectively. Sea Mar’s operational approach includes collaboration with local public health agencies and participation in quality‑improvement initiatives designed to enhance patient safety and clinical effectiveness.

In December 2020, Sea Mar Community Health Centers disclosed a cybersecurity incident that involved unauthorized access and data exfiltration from its systems over several months, compromising the personal and medical information of approximately 688,000 individuals. The exposed data encompassed names, Social Security numbers, dates of birth, treatment and diagnostic details, insurance information, claims records, and dental images, reflecting the breadth of sensitive data maintained by the health center. Following a thorough investigation conducted with third‑party cybersecurity experts, Sea Mar distributed notification letters months after the discovery of the breach, offering credit monitoring and identity theft protection services to those whose Social Security numbers were affected. The organization explicitly stated that, at the time of notification, no evidence of data misuse had been identified among the affected individuals. This incident underscores the critical importance of robust cybersecurity controls within healthcare settings, particularly for entities that manage large volumes of protected health information, and highlights the ongoing challenges faced by community health organizations in securing patient data against evolving threats.