On December 13, 2024, multiple news sources reported that an unknown actor behind a recent ransomware attack on PIH Health claimed to have stolen the protected health information (PHI) of 17 million patients from the provider. On December 1, 2024, the California health system received a ransom letter detailing the ransomware group’s demands for cooperation, and threatening to share the stolen records, along with screenshots, on the internet. Following the attack, PHI Health was forced to take its network offline while third party cyber forensic specialists and the FBI investigated. This disruption of PIH Health’s network has resulted in downtime procedures for staff, forcing them to manually record patient data and disrupting phone lines. In the meantime, patients have been asked to come to their in-person appointments early to allow additional time for downtime processes. PIH Health has issued a notice on its website explaining that affected individuals will be notified of the breach if the investigation finds their PHI was compromised.