Data Breach Investigation 2026 — 35 Healthcare, Dental, and Financial Companies May Have Exposed Your Personal Information
By Steve Levine
Published: March 12, 2026
Status: Active Attorney Investigation — All U.S. States
Companies: 35 organizations across healthcare, dental, pharmacy, finance, and more
What Is This Investigation About?
If you have a current or former relationship with any of the companies listed on this page — as a patient, customer, employee, or client — your sensitive personal information may have been compromised in a data breach, and you may be entitled to compensation.Attorneys at Siri & Glimstad LLP are investigating possible data breaches at 35 companies spanning healthcare providers, dental practices, pharmacies, financial firms, senior care facilities, and other businesses. These investigations focus on whether these organizations failed to adequately protect personal data including names, Social Security numbers, medical records, financial information, and other sensitive data that can be used for identity theft and fraud.
This investigation comes amid a record-breaking wave of data breaches across the United States. According to the Identity Theft Resource Center, U.S. data breaches reached an all-time high of 3,322 reported incidents in 2025 — a 4% increase over the previous year. Cyberattacks accounted for 80% of those breaches. The financial services and healthcare sectors were the hardest hit, with 739 and 534 reported breaches respectively.
Why Healthcare Data Breaches Are So Dangerous
Healthcare data breaches are especially damaging because the type of information stored by medical providers is far more valuable to criminals than a stolen credit card number. When your medical records are exposed, the breach can include your full name, Social Security number, date of birth, home address, medical diagnoses, medications, treatment histories, health insurance policy numbers, and financial account information — all in one place.A credit card number can be cancelled and replaced within days. But your Social Security number, medical history, and date of birth cannot be changed. Once that information is stolen, you are at risk of identity theft, medical identity theft, financial fraud, and targeted phishing scams for years — potentially for the rest of your life.
The financial impact can be devastating. According to a study cited in the OpenLoop Health data breach lawsuit, confirmed identity theft cases stemming from healthcare breaches cost victims an average of $20,000 in out-of-pocket expenses, often related to their health coverage. On the black market, protected health information sells for as much as $363 per record, compared to just $1 to $2 for a credit card number. That price difference explains why hackers target healthcare companies so aggressively.
Recent survey data underscores the scale of the problem. A 2025 consumer survey by the Identity Theft Resource Center found that 80% of respondents had received at least one data breach notification in the prior 12 months. Nearly 40% said they had received three to five separate breach notices. And 88% of individuals who received a breach notice experienced at least one negative consequence afterward, including targeted phishing attempts.
Which Companies Are Being Investigated?
The following 35 companies are currently under investigation for possible data breaches. If you have any current or former relationship with any of these organizations — even if it was years ago — you may be affected:OpenLoop Health
Noble Pharma LLC (Menomonie, WI)
Utah Bariatrics
Cirrus Aviation
Family Health Centers of Southern Indiana
Richey Tax Solutions LLC
Vascular & Interventional Physician Partners
Associated Endocrinologists
Optimum Health Institute
Carlyle Senior Care of Florence
Grandview Family Medicine
Dr. Fisher's Medical Weight Loss Centers
Community Health Action of Staten Island
Nebraska Health Imaging
Stockton Cardiology
Heartland Title Co
Northeast Pharmacy Service Corporation
Oklahoma Auto Exchange
Bluefish Dental & Orthodontics
L.A. Downtown Medical Center
Rocky Mountain Care
Nebraska Hearing Instruments LLC
Landmark Rehab Group
Lymphedema Therapy Specialists
Rockwood Retirement
Lewis Drug
Belmont Plastic Surgery
Smiles Care
Ladue Family Dental
Garland, Williams & Associates
Nephrology Associates
Comprehensive Orthopaedics and Musculoskeletal Care, LLC
Alta Orthopaedics
Tupelo Eye Clinic
Aretemedica
Several of these companies have already been publicly linked to cyberattacks. OpenLoop Health, a telehealth infrastructure company based in Des Moines, Iowa, is already facing a class action lawsuit after a January 2026 cyberattack allegedly exposed the records of over 1.6 million patients. Lewis Drug, a pharmacy chain, was hit by a ransomware attack from a group known as AiLock in early March 2026.
The majority of the companies on this list are healthcare providers — including medical practices, dental offices, imaging centers, pharmacies, rehabilitation facilities, and senior care homes — which store some of the most sensitive personal data of any industry.
Do I Qualify?
You may qualify for this investigation if you have a current or former relationship with any of the 35 companies listed above. This includes relationships as a patient, customer, employee, contractor, or anyone else who provided personal information to these organizations. This investigation is open to residents of all U.S. states.You do not need to have received a data breach notification letter to participate. Many breach victims are never notified, or notifications arrive months after the breach occurred. Under HIPAA, healthcare companies that experience a breach affecting 500 or more people must notify affected individuals, but smaller breaches may go unreported for extended periods. Companies that are not covered by HIPAA — like financial firms, auto dealers, and title companies — may have even fewer notification obligations depending on state law.
If you are not sure whether you were a patient or customer of one of these companies, consider that some of them — like OpenLoop Health — operate as behind-the-scenes infrastructure providers for other telehealth services. OpenLoop powers telehealth platforms used for weight loss, mental health, men's health, and prescription services (including brands like Remedy Meds, MEDVi, Fridays/JoinFridays, and Triad RX). You may have been an OpenLoop patient without ever hearing the name "OpenLoop."
What Kind of Data Could Have Been Exposed?
The type of data exposed varies by company, but healthcare and financial data breaches commonly involve full legal names, Social Security numbers, dates of birth, home addresses, email addresses, phone numbers, medical record numbers, diagnoses and conditions, medications and treatment histories, health insurance policy and group numbers, financial account and routing numbers, driver's license numbers, and in some cases biometric data.For dental practices specifically (like Bluefish Dental, Smiles Care, Ladue Family Dental, and others on this list), breaches may also include dental X-rays, treatment plans, insurance billing records, and payment card information.
For financial and title companies (like Heartland Title Co, Richey Tax Solutions, and Garland, Williams & Associates), exposed data can include tax returns, income documentation, bank account details, property records, and other financial information that is especially useful for committing fraud.
What Kind of Compensation Is Available?
There is no settlement or payout at this stage — this is an active attorney investigation. However, if lawsuits are filed and succeed or settle, data breach settlements typically provide compensation for out-of-pocket losses you incurred as a result of the breach (such as costs related to identity theft, fraud, unauthorized charges, or time spent dealing with the fallout), free credit monitoring and identity theft protection services (typically for two to three years), and statutory damages where applicable under state law.Recent data breach settlements have provided payouts ranging from a few dollars to several thousand dollars per person, depending on the severity of the breach and whether the individual experienced actual harm. For context, the recent Emergency Medical Services Authority (EMSA) data breach settlement offered up to $3,000 per person for documented monetary losses, plus two years of credit monitoring.
What Should I Do Right Now to Protect Myself?
Whether or not you choose to participate in this investigation, if you have a relationship with any of the companies listed above, you should take immediate steps to protect yourself. Place a fraud alert or credit freeze with all three credit bureaus (Equifax, Experian, and TransUnion). Monitor your bank accounts, credit card statements, and health insurance explanation of benefits (EOBs) for any unauthorized activity. Be alert for phishing emails, texts, or phone calls claiming to be from your healthcare provider, bank, or insurance company — these are common follow-up scams after a data breach. Consider enrolling in a credit monitoring or identity theft protection service if one is offered by the breached company. Review your credit reports regularly at AnnualCreditReport.com. If you receive a data breach notification letter, read it carefully and follow the instructions — do not ignore it.How Do I Participate in This Investigation?
If you have a current or former relationship with any of the companies listed above, you can submit your information through the link below. The investigating attorneys at Siri & Glimstad LLP will review your submission and contact you if you may have a viable claim.There is no cost to you and no obligation. The attorneys work on a contingency basis, meaning they only get paid if they win or settle on your behalf. You do not need to have experienced identity theft or financial fraud to submit your information — the exposure of your data alone may be sufficient for a claim.
Case Information
Type: Active attorney investigation (no lawsuits filed yet for these specific companies)
Location: All U.S. states
Companies: 35 organizations (see full list above)
Industries: Healthcare, dental, pharmacy, financial services, senior care, aviation, automotive, rehabilitation
Investigating Firm: Siri & Glimstad LLP
How Do I Find Class Action Settlements?
Find all the latest class actions you can qualify for by getting notified of new lawsuits as soon as they are open to claims:Submit Your Information
Check If You Qualify
Sources
• Siri & Glimstad LLP — Data Breach Investigation (35 Companies)• Identity Theft Resource Center — 2025 Annual Data Breach Report
Investigation Disclaimer
This is a legal advertisement. Attorney advertising disclaimer: The information you obtain at this site is not, nor is it intended to be, legal advice. You should consult an attorney for advice regarding your individual situation. Contacting us does not create an attorney-client relationship. Prior results do not guarantee a similar outcome. No class action lawsuit has been filed in this matter for the companies listed above. Attorneys at Siri & Glimstad LLP are currently investigating whether claims exist. Submitting your information does not guarantee you will receive compensation and does not mean a lawsuit will be filed. OpenClassActions.com is a consumer advocacy and class action news site, and is not a class action administrator or a law firm.
For more class actions keep scrolling below.
Childrens' Video Game Addiction
Deadline: Pending
Submit Claim
DraftKings & FanDuel Addiction Lawsuits
Status: Open
Submit Claim
Kids Playing Roblox - Alleged Abuse
Pre-Qualify Here
Submit Claim
$990K Differin Acne Product Settlement
Deadline: May 19, 2026
Submit Claim
$4.17M RevitaLash Conditioner Settlement
Deadline: April 20, 2026
Submit Claim
$87.5M Beef Prices Settlement
Deadline: June 30, 2026
Submit Claim
Dollar General Bait & Switch Settlement
Deadline: April 13, 2026
Submit Claim
Belkin Power Bank Settlement
Deadline: March 30, 2026
Submit Claim
Cosequin Dog Supplements Settlement
Deadline: July 21, 2026
Submit Claim
Depo Provera Investigation
Deadline: Pending
Pre-Qualify| Data Breach Investigation Summary | |
| Status | Active Attorney Investigation |
|---|---|
| Location | All U.S. States |
| Companies | 35 organizations (healthcare, dental, pharmacy, finance, senior care, more) |
| Who Qualifies | Current or former patients, customers, employees, or clients |
| Investigating Firm | Siri & Glimstad LLP |
| Claim Form | Pre-Qualify |