Amazon One Medical Data Breach Investigation
What Happened?
On June 13, 2026, One Medical learned that an unauthorized person had gained access to a third-party file-storage system used to retain archived patient information for One Medical Seniors (formerly Iora Health, acquired by One Medical in 2021). One Medical’s investigation determined that the unauthorized access occurred between June 8 and June 11, 2026. The company reports that it secured the system, revoked all user access, and rotated employee credentials, and has stated that the incident is limited to the legacy Seniors file-storage platform and does not impact other One Medical clinics, services, or the One Medical electronic medical record system.
On June 19, 2026, public reporting indicated that the digital extortion group ShinyHunters claimed responsibility and alleged the exfiltration of approximately 8.8 terabytes of data, threatening to publish the records unless One Medical responded by June 22, 2026. ShinyHunters’ claims of scope have not been independently verified. The group is the same actor recently linked to alleged large-scale data thefts from DentaQuest, Madison Square Garden Entertainment, and other organizations.
Which Clinics Are Affected?
One Medical has identified affected files as containing demographic and clinical records of patients at designated One Medical Seniors (formerly Iora Health) clinics in the following metropolitan areas:
- Atlanta, Georgia
- Cape Cod, Massachusetts
- Charlotte, North Carolina
- Piedmont Triad, North Carolina (Greensboro, Winston-Salem, and High Point)
- Denver, Colorado
- Houston, Texas
- Phoenix, Arizona
- Tucson, Arizona
- Seattle, Washington
According to One Medical, patients who were never treated at One Medical Seniors or Iora Health are not involved in this incident.
What Information May Have Been Compromised?
One Medical has stated that the affected files contain demographic and clinical records of certain Seniors and legacy Iora Health patients. Given the senior-care nature of these clinics and the categories of information typically maintained in archived patient files, the impacted records may include patient names, dates of birth, addresses, Social Security numbers, Medicare identifiers, health insurance and billing information, clinical notes, diagnoses, and treatment history.
Why Is This Important?
Compromised health and identifying information of elderly patients carries heightened risks of medical identity theft, fraudulent Medicare claims, prescription fraud, and targeted financial scams aimed at older adults. The unverified ShinyHunters claim that the exposed data is being marketed on extortion forums further raises the prospect that affected patients’ information could be misused for years to come. Federal law and state consumer-protection statutes impose specific duties on healthcare entities to safeguard patient information and to provide timely and adequate notice when those safeguards fail.
What Should You Do?
If you (or a family member) were ever a patient at a One Medical Seniors or legacy Iora Health clinic — particularly at one of the affected metropolitan areas listed above — and you have received a notice from One Medical, Amazon One Medical, One Medical Senior Health, or Iora Health regarding this incident, or you have noticed unexplained spam, fraudulent calls, suspicious Medicare or insurance correspondence, or other unauthorized activity, you may contact our data breach attorneys by completing the form below to learn more about your potential legal rights and our ongoing investigation.
(*) Indicates required field: When communicating with us through this site or otherwise in connection with a matter for which we do not already represent you, your communication may not be treated as privileged or confidential, and does not create an attorney-client relationship between you and our Firm.
