Legacy Health Data Breach Affects More Than 6K in the U.S.

On Oct. 23, 2025, Legacy Health, LLC disclosed a data breach exposing sensitive personally identifiable information (PII) and personal health information (PHI) of patients. So far, the cybersecurity incident has impacted at least 6,547 people in the U.S., including 4,031 individuals in Texas.

The breach was first reported through the U.S. Department of Health and Human Services, and shortly thereafter through the Texas Attorney General’s Data Security Breach Reports portal disclosing that the types of information exposed in this breach included the names of individuals, medical information and health insurance information.

The exposure of PII and PHI puts individuals at risk of identity theft and medical fraud.

Legacy Health’s response

Legacy Health, LLC has notified affected individuals by U.S. Mail, following regulatory requirements for data breach notification. While the company has not publicly detailed additional resources or support, individuals whose information was exposed should take several precautionary steps.

First, review any correspondence from Legacy Health, LLC carefully. It may contain instructions or resources such as credit monitoring or identity theft protection. Even if such services are not explicitly offered, those affected should consider monitoring their credit reports and health insurance statements for suspicious activity. If any unauthorized medical services or insurance claims appear, report them immediately to the relevant provider and insurer.

Additionally, individuals should be alert for phishing attempts or scams that may use their compromised information. Never provide additional personal information in response to unsolicited emails or calls referencing this incident.

For more information, refer to the official disclosure on the Texas Attorney General’s Data Security Breach Reports portal.