Telehealth aggregator OpenLoop Health confirms 716,000 patient records stolen in a 24-hour intrusion in January - downstream consumer brands still unnamed

OpenLoop Health, an Iowa-based telehealth infrastructure company that supplies clinicians and prescription processing to dozens of consumer telehealth platforms, has confirmed via the HHS breach portal that a January 2026 incident affected 716,000 individuals. Attackers were inside its systems for only one day - January 7 to 8 - but exfiltrated names, addresses, email addresses, dates of birth, and medical information. Social Security numbers and electronic health records were not accessed. A threat actor called Stuckin2019 claimed responsibility and put samples on a hacking forum; OpenLoop reportedly paid them and the listing was taken down. Because OpenLoop is white-label, affected patients enrolled through many different consumer telehealth brands.

Check

Search HR and benefits records for employee enrollments in telehealth programs (weight loss, men's health, hormone therapy) that may run on OpenLoop's backend, and review supplier security questionnaires for any telehealth vendor.

Affected

Patients of any consumer telehealth platform that uses OpenLoop Health as its clinical infrastructure provider. 716,000 individuals confirmed via HHS OCR; threat actor Stuckin2019 claimed 1.6 million.

Fix

Affected individuals should enroll in the free IDX credit and identity monitoring OpenLoop is offering, and watch for medical-themed phishing for at least 12 months. Treat unexpected appointment reminders or prescription notices as suspect until verified.