On April 13, 2020, US HealthCenter, Inc. experienced a data breach involving unauthorized access to a dedicated email inbox associated with Cost Plus World Market’s Wellness Program. The incident, reported by the California Office of the Attorney General on July 16, 2020, exposed protected health information (PHI) of individuals enrolled in the program. The compromised data may have included sensitive personal and medical details, though the exact scope of the exposed information was not fully disclosed. The breach stemmed from an unauthorized third-party gaining access to the email account, potentially allowing them to view, copy, or exfiltrate PHI. While the company likely took remedial actions—such as securing the affected account, notifying impacted individuals, and offering credit monitoring or identity protection services—the incident highlights vulnerabilities in email security protocols, particularly for accounts handling sensitive health data. The exposure of PHI poses risks such as identity theft, medical fraud, or targeted phishing attacks against affected individuals. Regulatory scrutiny under HIPAA (Health Insurance Portability and Accountability Act) may also apply, given the nature of the compromised data. The breach underscores the critical need for robust access controls, multi-factor authentication (MFA), and continuous monitoring of systems handling protected health information.