DATABREACHES [.]net reports that Stuckin2019, also known as Stuck, is alleged to have affected telehealth entities, with 3.7 million patients cited across two breaches. OpenLoop Health is said to have had patient data listing for sale on 7 January 2026, with 68,160 Texans affected in a subsequent notification to the Texas Attorney General’s Office; the California Attorney General’s Office was also notified.
According to Stuckin2019’s forum listing, data on 1.6 million patients were acquired, including names, addresses, medical and biometric data, while a second sample contained contact information, prescription details, and FedEx tracking data. The Zealthy breach reportedly involved 2.1 million patient records.
According to Justin Pingel, OpenLoop’s Chief Privacy Officer, the California notice stated that access occurred between 7 and 8 January and that the incident did not include access to electronic health records, Social Security numbers, or financial data. A potential class-action suit was filed on 16 February 2026 in the U.S. District Court for the Southern District of Iowa, and affected patients have been offered one year of identity and credit monitoring by IDX.