Data breach at billing provider La Perouse impacted patients of 7 hospital groups

A data breach at a Las Vegas-based medical billing company in 2025 compromised the personal and healthcare information of patients who availed treatment at seven major hospital groups in the US.

 

La Perouse, a Las Vegas-based revenue cycle management company, announced through a data security incident notice posted on its website that if suffered customer data breach from one of its third-party billing platforms.

 

The medical billing company said that it discovered unauthorised access to the third-party billing platform on July 8, 2025, and immediately took steps to secure its network environment and engaged external cyber security specialists to conduct a forensic investigation into the nature and scope of the cyber incident.

 

"The investigation determined that an unauthorised party had gained access to an account within the billing platform and, during that time, copied files stored on the platform," La Perouse said. "There was no unauthorized access or impact to La Perouse’s own network environment."

 

The medical billing company did not state when the initial infiltration occurred or for how long did malicious actors maintain their access to the third-party billing platform. 

 

"Based on the investigative findings, La Perouse diligently reviewed the potentially impacted files to identify and catalog the types of information present within them and any individuals to whom the information related. After completing this review, La Perouse mailed notice letters to individuals for whom address information was available," the company said.

 

According to La Perouse, the data breach compromised the personal information of individuals who underwent treatment at seven major hospital groups. These are Beach Emergency Medical Associates, Centinela Freeman Emergency Medical Associates, Chino Emergency Medical Associates, Hollywood Presbyterian Emergency Medical Associates, Montclair Emergency Medical Associates, Tarzana Emergency Medical Associates, and Temecula Valley Hospitalist Medical Group. 

 

La Perouse reported the data security incident to the Office of the California Attorney General on May 28, but did not share the number of individuals whose information was compromised during the data breach incident.

 

The company said it completed its investigation into the data security incident in the spring of 2026 and was able to determine that information stolen by the hackers included patients’ names, dates of birth, Social Security numbers, driver’s license or state identification card numbers, patient identification and medical record numbers, medical information, and health insurance information.

 

"La Perouse offered at least 12 months of complimentary credit monitoring and identity theft restoration services to all individuals to help protect their identity along with resources and further information on how individuals can protect against identify theft and fraud," it added.

The company added that after discovering the security incident, it worked with its third-party billing platform to ensure that any additional technical safeguards, enhanced security measures, and updated policies and procedures were implemented to mitigate against the risk of future issues. 

 

"La Perouse encourages individuals to remain vigilant against incidents of identity theft and fraud by reviewing their account statements, explanation of benefits forms, and monitoring their free credit reports for suspicious activity and to detect errors," it added.