Copyright newsweek
Two law firms have launched investigations into a data breach at Vibra Hospital of Sacramento. Class action law firms Shamis & Gentile, P.A., and Strauss Borrelli PLLC both specialize in data breaches and announced they are looking into an incident at Vibra Hospital that exposed personally identifiable information (PII) and protected health information (PHI). Why It Matters Compromised information could be used in fraud or identity theft schemes. Anyone who was impacted by this breach may be entitled to compensation, including reimbursements for out-of-pocket expenses, time spent addressing the breach or payment for emotional distress. What To Know Vibra Hospital of Sacramento in Folsom, California, is a critical care hospital that specializes in treating individuals with complex and chronic medical conditions requiring extended hospitalization. It is part of Vibra Healthcare, a national healthcare provider based in Pennsylvania with more than 20 hospitals across 10 states. The hospital released a notice on October 3, 2025, informing patients of the incident. Vibra Hospital of Sacramento also disclosed the incident to the California Attorney General’s office on October 24, 2025. On or about March 13, the hospital discovered suspicious activity related to several employee email accounts. The hospital said it took immediate action to secure the accounts and engage a team of third-party specialists to investigate the incident. The investigation found that six employee email accounts were hacked between March 12 and March 22, 2025, and it was confirmed on August 4, 2025, that personal information may have been accessed by an unauthorized third-party in connection with the incident. This information on these email accounts may have included patient names, addresses, dates of birth, Social Security numbers, dates of medical service, medical diagnosis information, individual health insurance policy number, physician or medical facility information, medical condition or treatment information, Medicare or Medicaid number, patient accounts and financial account numbers. Vibra Hospital said the potentially impacted information may vary for each individual and may include all or just one of the above-listed types of information. As of October 3, Vibra Hospital said it was not aware of any evidence that the PHI or PII had been misused. “However, we were unable to rule out the possibility that the information could have been accessed,” the hospital said. “Therefore, out of an abundance of caution, we are notifying potentially impacted individuals of this incident.” The hospital said it partnered with forensic specialists to evaluate and reinforce existing security measures within the email system and is reviewing its policies and procedures related to data security. What Happens Next The law firms are asking anyone who may have been impacted by the data breach to fill out forms on their website or contact their offices. Although it has no evidence of actual or attempted misuse of information as a result of this incident, Vibra Hospital is encouraging individuals to monitor their account statements and explanation of benefits forms for suspicious activity and to detect errors. Newsweek reached out to Vibra Hospital of Sacramento, Shamis & Gentile, P.A. and Strauss Borrelli PLLC for comment. Have an announcement or news to share? Contact the Newsweek Health Care team at health.care@newsweek.com.
