Pulse Urgent Care Suffers Security Breach, Personal Data Compromised

Pulse Urgent Care Center confirmed a data security incident following claims by the Medusa ransomware group that it infiltrated the organisation’s internal network and exfiltrated sensitive information.

 

Pulse Urgent Care Center, a California-based urgent care provider with clinics in Pulse Urgent Care Center in Redding and Pulse Urgent Care - Red Bluff in Red Bluff, offers walk-in medical services for non-emergency illnesses, injuries and occupational health needs across Northern California.

 

In a data security incident notice filed with the Office of the California Attorney General, Pulse said that on March 24, it identified unauthorised access within its internal network. The healthcare provider immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

“On May 1, 2025, we received additional information that led us to believe some patient information may have been accessed during the event. On November 26, 2025, we determined that some of your personal information may have been involved in the incident,” Pulse said.

 

The compromised data included name And other personal identifiers including Social Security numbers, driver’s license numbers, medical information and health insurance information. 

 

“As soon as we discovered the incident, we took the steps discussed above to investigate the incident and to notify appropriate individuals, including yourself. In order to reduce the likelihood of a similar incident occurring in the future, we implemented additional measures to enhance the security of our network environment,” the healthcare provider added.

 

While Pulse found no evidence of the compromised information being misused, it has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general. 

 

It has also offered one year of complimentary identity protection and credit monitoring services through Cyberscout to all affected individuals.

 

 

 

The Medusa ransomware group claimed responsibility for the cyber attack on Pulse and listed it as a victim on its data leak site. The group claimed to be in possession of confidential data stolen from the healthcare provider and threatened to leak the same unless its ransom demands were fulfilled.