Outcomes One Data Breach Affects 149,094 Individuals

Published

September 24, 2025

Updated

September 24, 2025

Outcomes One

Types of INFORMATION affected

Names
Social Security Numbers
Dates of Birth
Addresses
Government IDs
Medical Info
Financial Info

On July 1, 2025, Outcomes One Inc., a health tech company streamlining pharmacy workflows, experienced a data breach after an employee’s email account was compromised in a phishing attack. The incident was detected when the affected employee noticed suspicious activity.

An investigation was launched and it was determined that an unauthorized actor gained access to the email account. The attacker accessed certain files and emails containing sensitive information. According to a review completed on July 17, 2025 the unauthorized access lasted for about one hour and was limited to a single email account.

The cybersecurity incident impacted both personally identifiable information (PII) and protected health information (PHI) belonging to 149,094 individuals. Compromised information included names, addresses, medical provider names, health insurance information and medication information.

Outcomes One began notifying impacted individuals by mail on Sept. 23, 2025. The company also disclosed the data breach to multiple state authorities, including the California Attorney General, Montana Attorney General, Oregon Attorney General and the Texas Attorney General.

Many of the attorney general disclosures include state-specific impacts; 11,679 Texans are affected as well as 14 residents of Montana.

Outcomes One's response

In response to the breach, Outcomes One took immediate steps to secure the compromised email account and hired an external cybersecurity firm to investigate. The company also established a dedicated incident response line at 877-332-1681, available Monday through Friday, 9 a.m. to 9 p.m. Eastern Time, to assist affected individuals with questions..

If you believe your personal information may have been compromised in this breach:

Carefully review any notice or communication you receive from Outcomes One.
Monitor financial accounts and credit reports for signs of identity theft.
Consider placing fraud alerts or credit freezes with the major credit bureaus.
Be cautious of unsolicited emails or phone calls requesting personal information.

More information about the company can be found on the Outcomes One website.

Protect Your Data

A breach notice means your personal details could be circulating far beyond the organization involved. One practical step is continuous monitoring: services such as Identity Defender (included with an ExpressVPN subscription) can automatically check dark-web markets, flag new credit-file activity, and request removal of your information from data-broker sites.

This kind of “early-warning system” can’t undo a breach, but it can help you spot misuse quickly and limit further exposure. ExpressVPN is offering 61% off, risk-free for 30 days, with ID Theft Insurance included and no extra cost for those who sign up for one or two years.