Legacy Health Data Breach Affects More Than 6K in the U.S.

On Oct. 23, 2025, Legacy Health, LLC disclosed a data breach exposing sensitive personally identifiable information (PII) and personal health information (PHI) of patients. So far, the cybersecurity incident has impacted at least 6,547 people in the U.S., including 4,031 individuals in Texas.

The breach was first reported through the U.S. Department of Health and Human Services, and shortly thereafter through the Texas Attorney General and the Massachusetts Attorney General.

The types of information exposed in this breach included PII and PHI such as the names of individuals, Social Security numbers, medical information, health insurance information, driver's licenses, financial account, and bank account number.

Legacy Health’s response

Legacy Health has notified affected individuals by U.S. Mail, following regulatory requirements for data breach notification. While the company has not publicly detailed additional resources or support, individuals whose information was exposed should take several precautionary steps.

First, review any correspondence from Legacy Health carefully. It may contain instructions or resources such as credit monitoring or identity theft protection. Even if such services are not explicitly offered, those affected should consider monitoring their credit reports and health insurance statements for suspicious activity. If any unauthorized medical services or insurance claims appear, report them immediately to the relevant provider and insurer.

Additionally, individuals should be alert for phishing attempts or scams that may use their compromised information. Never provide additional personal information in response to unsolicited emails or calls referencing this incident.