Fyzical Data Breach Exposes Sensitive Personal and Health Information
Fyzical, a healthcare provider, disclosed a data breach that may have compromised sensitive personal and protected health information. On December 9, 2024, the company detected unusual activity in its email environment, prompting an investigation. The probe confirmed that an unauthorized third party accessed and acquired data from the affected emails.
After a thorough review, completed on November 25, 2025, Fyzical determined that exposed information varied by individual but included:
- Full names
- Social Security numbers
- Dates of birth
- Driver’s license or state ID numbers
- Financial account and credit card details
- Health insurance and medical records
Fyzical posted a breach notice on its website on December 19, 2025, detailing the incident and offering affected individuals complimentary credit monitoring services along with specifics on the compromised data. The breach highlights ongoing risks to sensitive healthcare and financial information in digital environments.
Source: https://straussborrelli.com/2025/12/23/fyzical-acquisition-holdings-data-breach-investigation/
FYZICAL Therapy & Balance Centers cybersecurity rating report: https://www.rankiteo.com/company/fyzicalfranchise
"id": "FYZ1766513852",
"linkid": "fyzicalfranchise",
"type": "Breach",
"date": "12/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Healthcare',
'name': 'Fyzical',
'type': 'Company'}],
'attack_vector': 'Email Environment',
'customer_advisories': 'Complimentary credit monitoring services provided',
'data_breach': {'data_exfiltration': 'Confirmed',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Name',
'Social Security number',
'Date of birth',
'Driver’s license or state '
'identification number',
'Financial account information',
'Credit card information',
'Health insurance information',
'Medical health information']},
'date_detected': '2024-12-09',
'date_publicly_disclosed': '2025-12-19',
'description': 'Fyzical experienced a data breach in which sensitive personal '
'identifiable information and protected health information may '
'have been compromised. Unusual activity was detected in its '
'email environment, leading to an investigation that confirmed '
'unauthorized access and acquisition of sensitive data.',
'impact': {'data_compromised': 'Sensitive personal identifiable information '
'and protected health information',
'identity_theft_risk': 'High',
'payment_information_risk': 'High',
'systems_affected': 'Email Environment'},
'investigation_status': 'Completed',
'references': [{'source': 'Fyzical Breach Notice'}],
'response': {'communication_strategy': 'Website breach notice and '
'complimentary credit monitoring '
'services'},
'threat_actor': 'Unauthorized Third Party',
'title': 'Fyzical Data Breach',
'type': 'Data Breach'}