THE SecurityWeek article reports that 716,000 individuals were affected by a January 2026 data breach at the telehealth platform OpenLoop Health, with personal information exfiltrated from its systems. Hackers had access to OpenLoop Health systems between 7 January and 8 January, and stole names, addresses, email addresses, birth dates and medical data, while the incident did not involve access to electronic health records, Social Security numbers, or financial account information.
The breach was first disclosed to relevant authorities in March, and the number of impacted individuals was only added to the US Department of Health and Human Services’ breach portal this week. OpenLoop Health terminated the unauthorized access, launched an investigation with external cybersecurity specialists, and said it improved its security controls while coordinating with law enforcement.
The company stated it was not aware of any misuse of the stolen information, and offered affected individuals one year of free identity and credit monitoring services. A threat actor reportedly claimed the attack earlier this year and said they stole the information of 1.6 million individuals, though the article notes this claim without confirming attribution.