Modern Health Data Breach Impacts Members' Medical Records

Modern Health, a mental health care platform headquartered in San Francisco, recently experienced a data breach affecting an undisclosed total number of individuals.

The breach was first identified in Nov. 2025 when unauthorized access by an individual within Modern Health’s provider network was detected. This individual gained access to a number of member profiles on the company’s behavioral health platform.

The types of information exposed varied by individual but could include protected health information (PHI) such as details from member profiles. Notably, Social Security numbers and financial information were not affected by this incident.

According to a disclosure filed on Jan. 16, 2026, with the Massachusetts Office of Consumer Affairs and Business Regulation, the incident impacted two Massachusetts residents.

Modern Health's response

Modern Health responded to the breach by disabling the compromised profiles and engaging legal counsel to assist with the investigation. By Jan. 5, 2026, the company had finalized the list of individuals whose information may have been compromised.

The company also reviewed and enhanced its onboarding and provider-vetting processes. They are also providing additional training to staff to prevent similar incidents in the future.

Those affected by the breach were notified directly via email on Jan. 12, 2026, and provided with detailed information about the incident.

Modern Health recommends that individuals remain vigilant for signs of identity theft or fraud. Suggested steps include reviewing account statements, monitoring credit reports, and considering the placement of fraud alerts or credit freezes with the three major credit reporting agencies.

The company has made its support and privacy teams available for questions.