What Is This About?

If you recently received a letter or an email from CommonSpirit Health (“CommonSpirit”) or from Pinnacle Holdings Ltd. (“Pinnacle”) informing you that your sensitive personal or protected health information was compromised in a data breach, we would like to speak with you about your rights and potential legal remedies. CommonSpirit Health recently disclosed that it was the victim of a data breach that exposed individuals’ sensitive personal or protected health information.

What Happened?

On November 25, 2024, a network disruption later identified to be the result of unauthorized access was detected by Pinnacle, a healthcare consulting company that provides services to Northgauge Healthcare Advisors (“Northgauge”), a vendor of CommonSpirit Health. Upon detection, Pinnacle isolated its network and began an investigation with the assistance of third-party cybersecurity experts to determine the nature and scope of the incident. The investigation determined that an unauthorized third party gained access to Pinnacle Holdings’ network between November 11, 2024, and November 25, 2024, during which time files containing sensitive information were accessed and copied. Following the incident, a comprehensive review of the affected files was conducted to determine what information was involved and which individuals were impacted. Pinnacle initially provided notice of the breach to Northgauge in November 2025, but identification of affected individuals was delayed until January 30, 2026. CommonSpirit was notified on February 2, 2026 of the Washington residents impacted by the incident. On February 25, 2025, Northgauge disclosed the incident to the Washington State Attorney General on behalf of CommonSpirit. The breach impacted at least 19,027 individuals in Washington State, with the total number of affected individuals likely higher across CommonSpirit Health’s nationwide healthcare system. Notice letters to impacted individuals are expected to follow as contact information is confirmed.

What Information Was Impacted?

Upon information and belief, the following types of sensitive personal and protected health information may have been compromised:

• • • • • • • • • Patient names;
                • Dates of birth;
                • Contact information and/or physical address;
                • Social Security numbers;
                • Driver’s license/state identification numbers;
                • Taxpayer ID numbers;
                • Passport numbers;
                • Financial account information;
                • Online account credentials;
                • Payment card information;
                • Digital signatures;
                • Biometric data;
                • Medical treatment or diagnosis information;
                • Dates of service;
                • Patient ID and/or encounter ID numbers;
                • Provider names;
                • Patient account numbers;
                • Medical record numbers;
                • Medicare or Medicaid numbers;
                • Health insurance information including claim numbers and policy numbers; and
                • Treatment cost information.

What Action Can You Take?

Levi & Korsinsky, LLP is investigating whether affected users are entitled to compensation. If you received a notice from CommonSpirit Health, Pinnacle Holdings Ltd., or Northgauge Healthcare Advisors there is no cost or obligation to participate. Follow the link below to find out about your rights and potential legal remedies available.