Providence is providing notice of a data privacy incident impacting Pinnacle Holdings, LTD (Pinnacle), a third-party vendor that provides health care consulting services to Providence. In November 2024, Pinnacle experienced a network disruption that resulted in an unauthorized actor accessing and potentially extracting data on Pinnacle’s network from Nov. 11, 2024 to Nov. 25, 2024. Upon discovery, Pinnacle immediately launched an investigation, engaged third-party cybersecurity specialists, notified law enforcement and implemented additional safeguards.
Pinnacle notified Providence on Dec. 30, 2025 that some patients’ personal information may have been impacted as a result. Pinnacle’s investigation found that the privacy event resulted in the exposure of some patients’ first and last name, address, email address, date of birth, encounter ID number, health insurance claim number, health insurance policy number, medical record number, patient account number, patient ID number, phone number, email address, prescription information, social security number, Medicare/Medicaid number, provider name, date of service, health insurance information, treatment cost information, and/or medical/diagnostic information.
All impacted patients have been notified by Pinnacle and have been offered two years of no-cost credit monitoring and identity protection services. Patients who were affected or believe they were affected are advised to contact Pinnacle at (866) 686-2607.