
OpenLoopHealth Data Breach: 1.6M Patient Records Exposed

Threat actor claims massive telehealth breach exposing 1.6M+ U.S. patient records including PHI, biometric data, and prescription information.

CIFER Security Team

A threat actor operating under the alias "stuckin2019" has claimed responsibility for a significant data breach affecting OpenLoopHealth, a U.S.-based digital health infrastructure provider. The breach allegedly exposes over 1.6 million patient records containing sensitive personal health information (PHI), biometric data, and prescription details.

About OpenLoopHealth

OpenLoopHealth is a digital health infrastructure provider that supports medical clinics with clinical, technical, and regulatory systems for virtual-care operations. The company provides telehealth solutions that enable healthcare providers to deliver remote patient care across the United States.

As a critical player in the telehealth ecosystem, OpenLoopHealth handles extensive patient data including medical records, prescriptions, and personal health information—making this breach particularly concerning for patient privacy and healthcare security.

Breach Overview

Key Details:

  • Organization: OpenLoopHealth
  • Location: United States 🇺🇸
  • Industry: Digital Health / Telehealth
  • Type: Data Sale (Dark Web)
  • Threat Actor: stuckin2019
  • Records Affected: 1.6M+ patient files
  • Sample Data: Available on dark web forums

The threat actor has posted sample data sets to verify the authenticity of the breach and is reportedly selling the complete database on dark web marketplaces.

Exposed Patient Data

The breach allegedly includes two distinct sample sets containing comprehensive patient information:

Sample Set 1: Personal Health Information

  • Full Names
  • Email Addresses
  • Phone Numbers
  • Home Addresses
  • Dates of Birth
  • Body Statistics (Weight, Height)
  • Medical Information
  • Biometric Data
  • Additional unspecified PHI

Sample Set 2: Treatment & Prescription Data

  • Full Names
  • Addresses
  • Email Addresses
  • Phone Numbers
  • IP Addresses
  • Prescription Information
  • FedEx Tracking Numbers (likely related to medication delivery)
  • Additional metadata

The inclusion of biometric data, prescription information, and medical records makes this breach particularly severe under HIPAA regulations and poses significant risks to affected patients.

The Threat Actor: stuckin2019

The alias "stuckin2019" is known in dark web communities for selling breached healthcare and personal data. The actor has provided sample datasets to potential buyers, a common tactic to establish credibility before selling complete databases.

The threat actor's ability to exfiltrate such a large volume of sensitive medical data suggests one of several access vectors:

  • Unauthorized database access through compromised credentials
  • SQL injection or API vulnerabilities in OpenLoopHealth's systems
  • Insider threat with legitimate access to patient databases
  • Third-party vendor compromise in the healthcare supply chain

Security Implications

This breach raises several critical concerns for the healthcare industry:

1. HIPAA Compliance Violations

The exposure of Protected Health Information (PHI) represents a severe HIPAA violation. OpenLoopHealth may face:

  • Regulatory investigations by the HHS Office for Civil Rights
  • Substantial fines (up to $1.5M per violation category annually)
  • Mandatory breach notifications to affected patients
  • Potential class-action lawsuits from impacted individuals

2. Patient Privacy & Identity Theft

The combination of personal identifiers, medical history, and biometric data creates perfect conditions for:

  • Medical identity theft (using stolen identities to obtain healthcare services)
  • Insurance fraud (filing false claims under stolen identities)
  • Targeted phishing (using medical details for social engineering)
  • Blackmail and extortion (leveraging sensitive medical conditions)

3. Prescription Fraud

With prescription information and FedEx tracking numbers exposed, criminals could:

  • Intercept prescription medications
  • File fraudulent prescription claims
  • Target patients for pharmaceutical scams
  • Exploit controlled substance prescriptions

4. Broader Telehealth Vulnerabilities

This breach highlights systemic security challenges in the rapidly growing telehealth sector:

  • Many telehealth platforms prioritized rapid deployment over security
  • Legacy healthcare systems often lack modern encryption
  • Third-party integrations create expanded attack surfaces
  • Patient data is often stored in centralized databases vulnerable to mass exfiltration

Recommendations for Affected Patients

If you are or may be a patient of clinics using OpenLoopHealth's infrastructure:

Immediate Actions

  1. Monitor Medical Records: Request copies of your medical records and review for unauthorized access or fraudulent activity
  2. Watch Financial Accounts: Monitor credit cards and bank statements for suspicious charges related to healthcare services
  3. Enable Credit Monitoring: Consider enrolling in credit monitoring services to detect medical identity theft
  4. Review Insurance EOBs: Check Explanation of Benefits statements for unfamiliar procedures or prescriptions

Long-Term Protection

  1. Request Security Freezes: Place security freezes or fraud alerts with the credit bureaus
  2. Change Passwords: Update passwords for patient portals and healthcare accounts
  3. Enable MFA: Activate two-factor authentication wherever available
  4. Be Alert for Phishing: Watch for emails or calls using your medical information to seem legitimate

Healthcare Organizations: Securing Patient Data

Traditional database encryption approaches have repeatedly failed to prevent breaches like this. Healthcare providers need to adopt zero-key encryption architectures that eliminate the fundamental vulnerability of stored encryption keys.

Why Traditional Healthcare Security Fails

Most healthcare databases use:

  • Encryption at rest with keys stored alongside data
  • Application-level encryption vulnerable to SQL injection
  • Centralized key management creating single points of failure
  • Third-party key storage expanding the attack surface

When attackers gain database access—through compromised credentials, SQL injection, or insider threats—they can access both encrypted data and the keys needed to decrypt it.

The Zero-Key Solution

CIFER's zero-key encryption eliminates encryption keys from the system entirely:

  • No keys to steal: Encryption keys never exist in the database, application, or memory
  • Policy-based access: Patient data is protected by cryptographic policies, not vulnerable keys
  • Breach-proof architecture: Even with full database access, attackers cannot decrypt patient records
  • HIPAA compliance by design: Built-in audit trails and access controls

With zero-key encryption, a breach like OpenLoopHealth's would expose only cryptographically protected data—useless to attackers without the ability to satisfy access policies.

Industry Impact

This breach adds to a growing list of healthcare data compromises in 2025-2026.

The healthcare sector remains the most targeted industry for cyberattacks, with patient data worth 10-50x more than credit card information on dark web markets.

Timeline

  • Unknown: Initial compromise date (not yet disclosed)
  • January 2026: Threat actor posts breach on dark web forums
  • January 9, 2026: Breach publicly reported via dark web intelligence sources

OpenLoopHealth has not yet issued a public statement confirming or denying the breach at the time of this writing.

Conclusion

The OpenLoopHealth breach demonstrates that traditional security approaches—even in highly regulated industries like healthcare—cannot adequately protect sensitive patient data. With 1.6 million patients' medical records, biometric data, and prescription information now circulating on the dark web, the consequences will be felt for years to come.

Healthcare organizations must move beyond compliance checkbox exercises and implement breach-proof encryption architectures that eliminate the root cause of these mass data exfiltrations: accessible encryption keys.


Stay informed about healthcare security breaches and data protection strategies. Contact CIFER to learn how zero-key encryption can protect your healthcare organization's patient data—even in the event of a database breach.

Sources: Dark web intelligence via DarkWebInformer and breach forums