Personal data belonging to 716,000 individuals was compromised in a January 2026 breach at OpenLoop Health, a telehealth provider. The breach highlights ongoing security challenges in the healthcare sector.
Details of the Data Breach
The breach was initially reported to authorities in March. However, it was only recently listed on the US Department of Health and Human Services’ breach portal. OpenLoop Health’s notification to the Attorney General’s Offices in California and Texas revealed that the intrusion was detected on January 7. The unauthorized access lasted until January 8, during which sensitive information, including names, addresses, emails, birth dates, and medical details, was extracted.
Fortunately, the breach did not compromise electronic health records, Social Security numbers, or financial account information, according to the notification letters sent out to those affected.
Company’s Response and Mitigation Efforts
Upon discovering the breach, OpenLoop Health swiftly terminated the unauthorized access and initiated an investigation with the help of external cybersecurity experts. To prevent future incidents, the company has reinforced its security protocols and is working in conjunction with law enforcement agencies.
While OpenLoop Health has not identified any misuse of the stolen data, it has advised affected individuals to be alert for signs of identity theft and fraud. The company is offering one year of free identity and credit monitoring services to support those impacted.
Unidentified Threat Actor
The identity of the cybercriminal behind the attack remains unknown. However, earlier this year, a threat actor claimed responsibility, asserting that data from 1.6 million individuals had been stolen. OpenLoop Health, headquartered in Des Moines, Iowa, is a key provider of white-label telehealth services, enabling organizations to deliver virtual care solutions.
This incident underscores the critical need for robust cybersecurity measures in the healthcare industry, especially as digital health services expand.
Additional reports indicate similar breaches affecting healthcare organizations in various states, emphasizing a broader trend of cyber threats targeting sensitive health data.
