
When you schedule a procedure at an outpatient surgery center, you hand over information that goes far beyond your name and phone number. You share details about your health conditions, your treatment history, and the care you received.
That is exactly the kind of information that was reportedly taken from Glendora Surgery Center late last year, and patients deserve to understand what happened, what risks they may face, and what legal options are on the table. Contact the data breach lawyers at The Lyon Firm to learn more about your legal options.
Glendora Surgery Center, an outpatient surgical facility located in Glendora, California, disclosed a cybersecurity incident that occurred over a five-day window between November 29 and December 3, 2025. The facility detected suspicious activity on its computer network and engaged outside cybersecurity specialists to investigate the scope of the intrusion.
The investigation confirmed that an unauthorized party had accessed and removed data from a portion of the center's network. The breach was formally reported to the U.S. Department of Health and Human Services on March 27, 2026 — roughly four months after the incident was discovered. A notice was also posted to the facility's website.
According to the disclosed information, the types of data present in the affected systems included patient names and medical treatment information.
Not every data breach is the same. A breach involving credit card numbers is serious, but financial institutions can cancel cards and reissue them. Medical information is different. Your treatment history, diagnoses, and care records cannot be changed or reissued. They follow you permanently.
When medical treatment information falls into the wrong hands, the risks include:
The fact that financial data was not confirmed as exposed does not mean this breach is low-risk. Medical records have significant black market value precisely because they contain unique, permanent identifiers tied to real people.
Glendora Surgery Center discovered the incident on December 3, 2025. The formal report to the Department of Health and Human Services was not made until March 27, 2026 — nearly four months later. California law and federal HIPAA regulations require covered entities to notify affected individuals and report breaches without unreasonable delay, generally within 60 days of discovery for breaches affecting 500 or more individuals.
When notification is delayed, patients spend months unaware that their protected health information may already be circulating. That gap creates real, practical harm. It limits a person's ability to monitor for misuse, dispute fraudulent claims in time, or take protective steps before damage occurs. The notification timeline in this case is worth examining carefully.
If you received a notice from Glendora Surgery Center, or if you believe your information may have been involved, consider taking these steps now:
California offers some of the most comprehensive data privacy protections available. The California Consumer Privacy Act, the California Confidentiality of Medical Information Act, and federal HIPAA regulations all impose legal obligations on healthcare providers to protect patient information with appropriate security measures. When those obligations are not met, affected individuals may have grounds to pursue legal action.
Potential legal claims in healthcare data breach cases can include negligence, breach of contract, and violations of state consumer protection statutes. Recoverable damages may include compensation for time spent addressing identity theft, out-of-pocket costs, and the harm caused by the loss of control over your private health information.
The data breach attorneys at The Lyon Firm have spent years holding healthcare organizations accountable when they fail to protect patient information. We understand the intersection of HIPAA compliance, California privacy law, and civil litigation strategy, and we know how to build cases that produce results.
We represent clients across California and nationwide in data breach and privacy litigation. Our team handles these cases on a contingency fee basis, which means you pay nothing unless we recover compensation on your behalf. If you received a notice from Glendora Surgery Center, or if you suspect your medical information was involved in this incident, you may have a valid legal claim worth pursuing. Time limits apply under California law, so acting promptly matters.
Contact The Lyon Firm today for a free, confidential consultation about your rights.
Taking the first step doesn’t have to be complicated. In just a few minutes, you can share the basics of your case, and our team will guide you from there: