OpenLoop Health Data Breach: Telehealth Provider Confirms Unauthorized Access and Data Exfiltration

OpenLoop Health Inc., a major telehealth platform provider, has disclosed a significant data breach, with the potential to rank among the largest healthcare security incidents of the year. The company confirmed that an unauthorized third party gained access to its systems and copied files containing sensitive personal information. While the total number of affected individuals remains undisclosed, the breach notice filed with the California Attorney General signals a substantial exposure of protected health data.

The incident timeline is precise and alarming. OpenLoop Health discovered the unauthorized access on January 7, 2026. A subsequent forensic investigation, conducted with third-party cybersecurity specialists, confirmed the intruder maintained access to the network from January 7 to January 8, 2026. During that window, the attacker successfully exfiltrated files containing highly sensitive personal information, including patient names, physical addresses, email addresses, and dates of birth.

This breach places immense pressure on OpenLoop Health, a key player in the digital healthcare infrastructure. The exposure of such core demographic and contact information creates significant risks for affected individuals, including heightened vulnerability to targeted phishing, identity theft, and fraud. The incident also triggers mandatory regulatory scrutiny under laws like HIPAA, potentially leading to investigations, fines, and lasting reputational damage for the company. It underscores the persistent and critical security challenges facing the rapidly expanding telehealth sector.