Strauss Borrelli PLLC, a leading data breach law firm, is investigating Planned Parenthood Northern California (“Planned Parenthood NorCal”) regarding its recent data breach. The Planned Parenthood NorCal data breach involved sensitive personal information and protected health information belonging to an undetermined number of individuals.
ABOUT PLANNED PARENTHOOD NORTHERN CALIFORNIA:
Planned Parenthood NorCal is a reproductive healthcare organization based in California. Founded in 1929, Planned Parenthood NorCal provides a range of reproductive health and family planning services to individuals and families, including birth control, cancer screenings, medication, pregnancy testing and counseling, STD screening and treatment, infertility services, and more.2,3 Headquartered in Concord, California, Planned Parenthood NorCal employs over 200 individuals and offers services across 17 in-person locations.3,4
WHAT HAPPENED?
Recently, Planned Parenthood NorCal reported to the Attorney General of California that it had experienced a data breach in which sensitive personal identifiable information and protected health information in its care may have been compromised. According to the breach notice, on December 10, 2025, OCHIN, a business associate for Planned Parenthood NorCal, informed Planned Parenthood NorCal of a cyber security incident involving on of their subcontractors, Trizetto Provider Solutions (“TPS”).1 As a result, TPS and OCHIN launched an investigation to determine the nature of the incident.
Through its investigation, TPS and OCHIN confirmed to Planned Parenthood NorCal that sensitive personal information in TPS systems related to Planned Parenthood NorCal patients may have been accessed by an unauthorized third party beginning in November 2024, with no further unauthorized access after October 2, 2025. As a result, TPS and OCHIN began a review of the data to determine what information had been impacted as well as identify the specific individuals affected. While the information impacted varies depending on the individual, the type of information potentially exposed includes:
- Name
- Social Security number
- Date of birth
- Health insurance member number (may include Medicare beneficiary identifier)
- Health insurer name
- Dependent information
- Other demographic and health insurance information
On December 24, 2025, Planned Parenthood NorCal began mailing data breach notification letters to impacted individuals. Additionally, Planned Parenthood NorCal posted notice of the breach on its website. Based on the breach notice sent to California residents, Planned Parenthood NorCal and TPS are providing affected individuals with a list of the specific types of sensitive information impacted and complimentary credit monitoring services. A link to the form breach notification letters that Planned Parenthood NorCal filed with the Attorney General of California is below.
If you received a breach notification letter from Planned Parenthood Northern California:
We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at 872.263.1100 or sam@straussborrelli.com.
LINKS
[1] https://oag.ca.gov/ecrime/databreach/reports/sb24-616419
[2] https://www.plannedparenthood.org/planned-parenthood-northern-california
[3] https://www.linkedin.com/company/planned-parenthood-shasta-pacific/about/
[4] https://www.plannedparenthood.org/planned-parenthood-northern-california/get-care/our-health-centers
