Cyber Incident Victim: One Medical
Date:
Jun 2026
Location:
United States of America
Summary
One Medical reported a data breach involving a third‑party file storage system that stored archived information from Iora Health, a primary care provider it had acquired. An unauthorized party accessed the system, resulting in the exposure of patient files for a limited number of individuals associated with the company's senior care clinics and the legacy Iora Health population. The company said it immediately deactivated the storage system, revoked all access, and launched an investigation that confirmed no other company or Amazon systems were affected. Affected patients are being notified directly, and additional safeguards are being implemented to prevent similar incidents.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 0 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
One Medical acquired Iora Health, a Medicare‑focused primary care company, in a $2.1 billion transaction completed in June 2021. Iora Health was later rebranded in 2023 and now operates as One Medical Senior Health. On June 13, 2026, One Medical learned that an unauthorized individual had gained access to a third‑party file storage system that housed archived information from Iora Health. The company stated that the breach was discovered after detecting the unauthorized access and that it promptly initiated a thorough investigation.
The investigation determined that certain patient files belonging to a limited number of One Medical Seniors and legacy Iora Health patients had been accessed. One Medical did not disclose the exact number of affected patients or the total patient count for its senior care clinics. The company emphasized that no other One Medical patients were impacted by the incident and that it began notifying the affected individuals directly.
In response, One Medical immediately deactivated the compromised third‑party storage system and revoked all access to it. The firm said the event was isolated to that system and that no other One Medical or Amazon infrastructure was affected. One Medical also noted that it is implementing additional safeguards to prevent similar events in the future.