One Medical Seniors Data Breach Exposes Patient Information

One Medical Seniors, the senior-focused primary care division of Amazon's One Medical, disclosed a data breach in June 2026 that exposed patient records stored on a third-party file-storage system.

One Medical discovered the breach on June 13, 2026, and posted a security event notice on its website to inform patients about the incident and the steps the company has taken in response.

The breach involved a ransomware attack on a third-party file-storage system that was used to retain archived patient information for One Medical Seniors, according to the company's notification. Between June 8 and June 11, 2026, an unauthorized party gained access to this system and was able to access and view patient files stored within it.

The company's investigation determined that the unauthorized access lasted approximately three days.

The archived platform held legacy data from Iora Health, a value-based primary care group that had specialized in Medicare patients across multiple U.S. markets. One Medical acquired Iora Health in 2021 and later rebranded the senior clinics under the One Medical Seniors name in 2023.

According to the company's notice, this incident is limited to the archived file-storage platform. It does not affect other One Medical clinics, services or the One Medical electronic medical record system. Only individuals who have been patients at One Medical Seniors or legacy Iora Health clinics are potentially affected by this breach.

Separately, a dark web posting on the Tor network, dated June 17, 2026, and attributed to a threat actor known as ShinyHunters, claims that 8.8 terabytes of One Medical data were obtained in the breach.

The types of information exposed included demographic records and clinical records from patients at designated One Medical Seniors clinics in Atlanta, Cape Cod, Charlotte, Piedmont Triad, Denver, Houston, Phoenix, Tucson and Seattle.

One Medical Seniors' response

After learning of the unauthorized access, One Medical stated that it immediately took steps to secure the affected system and prevent further unauthorized access, according to its security event notice. This included revoking all user access to the archived file-storage platform and rotating credentials for every employee who had access to the system.

The company said it has also implemented additional safeguards to help prevent similar incidents from occurring in the future. One Medical stated it has launched an investigation into the breach and is working to determine the full scope of the incident and complete its review as quickly as possible.

Once the investigation is complete, One Medical said it will promptly notify patients whose information was found to have been involved. Notification letters will be sent by mail and are expected to provide each affected patient with details about the specific information that may have been compromised in their case.

For current and former One Medical Seniors or Iora Health patients who have questions before receiving a letter, the company has opened a dedicated toll-free call center at 833-745-1398. The call center is available from 8:00 a.m. to 8:00 p.m. CT, except on major holidays. Patients may also reach the company by email at privacy@onemedical.com.