On July 1, 2025, Outcomes One Inc., a healthcare technology company, suffered a **data breach** after an employee’s email account was compromised via a **phishing attack**. The unauthorized actor accessed sensitive files and emails for approximately **one hour**, exposing **personally identifiable information (PII)** and **protected health information (PHI)** of **149,094 individuals**. Compromised data included **names, addresses, medical provider details, health insurance information, and medication records**.The breach was detected when the affected employee noticed suspicious activity, prompting an investigation. Outcomes One notified impacted individuals by mail (starting September 23, 2025) and reported the incident to multiple state authorities, including the **California, Montana, and Oregon Attorneys General**. The company secured the compromised account, hired an external cybersecurity firm, and set up a dedicated response line for affected individuals.The breach posed risks of **identity theft, financial fraud, and misuse of sensitive health data**, though no evidence of malicious use was confirmed at the time of disclosure. The incident highlighted vulnerabilities in employee email security and the potential for **large-scale exposure of confidential patient information** in healthcare-related cyberattacks.
Source: https://www.claimdepot.com/data-breach/outcomes-one-2025
TPRM report: https://www.rankiteo.com/company/outcomesone
"id": "out0093000092425",
"linkid": "outcomesone",
"type": "Breach",
"date": "7/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '149,094 individuals',
'industry': 'Healthcare',
'name': 'Outcomes One Inc.',
'type': 'Healthcare Technology Company'}],
'attack_vector': 'Phishing (Compromised Email Account)',
'customer_advisories': ['Review notices from Outcomes One.',
'Use dedicated incident response line (877-332-1681) '
'for assistance.'],
'data_breach': {'data_exfiltration': 'Yes (Files and Emails Accessed)',
'file_types_exposed': ['Emails',
'Attached Files (Likely Documents with '
'Sensitive Data)'],
'number_of_records_exposed': '149,094',
'personally_identifiable_information': ['Names',
'Addresses',
'Medical Provider '
'Names',
'Health Insurance '
'Information',
'Medication '
'Information'],
'sensitivity_of_data': 'High (PII and PHI)',
'type_of_data_compromised': ['PII (Names, Addresses)',
'PHI (Medical Provider Names, '
'Health Insurance Info, '
'Medication Info)']},
'date_detected': '2025-07-01',
'date_publicly_disclosed': '2025-09-23',
'description': 'On July 1, 2025, Outcomes One Inc., a healthcare technology '
'company, experienced a data breach after an employee’s email '
'account was compromised in a phishing attack. The '
'unauthorized actor accessed files and emails containing '
'sensitive PII and PHI of 149,094 individuals, including '
'names, addresses, medical provider details, health insurance '
'information, and medication data. The breach was detected by '
'the affected employee, and the unauthorized access lasted '
'approximately one hour. Outcomes One notified impacted '
'individuals by mail starting September 23, 2025, and '
'disclosed the incident to multiple state authorities, '
'including the California, Montana, and Oregon Attorneys '
'General.',
'impact': {'brand_reputation_impact': 'Potential Reputation Damage (Data '
'Breach Disclosure)',
'data_compromised': ['Personally Identifiable Information (PII)',
'Protected Health Information (PHI)'],
'identity_theft_risk': 'High (PII and PHI Exposed)',
'legal_liabilities': 'Regulatory Notifications to State '
'Authorities (California, Montana, Oregon)',
'systems_affected': ['Single Employee Email Account']},
'initial_access_broker': {'entry_point': 'Compromised Employee Email Account '
'(Phishing)',
'high_value_targets': ['Email Account with '
'Sensitive PII/PHI']},
'investigation_status': 'Completed (Review Finalized on July 17, 2025)',
'post_incident_analysis': {'root_causes': ['Successful Phishing Attack on '
'Employee',
'Lack of Multi-Factor '
'Authentication (MFA) or Email '
'Security Controls (Inferred)']},
'recommendations': ['Monitor financial accounts and credit reports for '
'identity theft signs.',
'Place fraud alerts or credit freezes with major credit '
'bureaus.',
'Be cautious of unsolicited emails/phone calls requesting '
'personal information.'],
'references': [{'source': 'Outcomes One Inc. Data Breach Notice'},
{'source': 'Outcomes One Website'}],
'regulatory_compliance': {'regulatory_notifications': ['California Attorney '
'General',
'Montana Attorney '
'General',
'Oregon Attorney '
'General']},
'response': {'communication_strategy': ['Dedicated Incident Response Line '
'(877-332-1681, Mon-Fri 9 AM–9 PM ET)',
'Mail Notifications to Affected '
'Individuals (Starting Sept. 23, '
'2025)',
'Disclosure to State Authorities '
'(California, Montana, Oregon '
'Attorneys General)'],
'containment_measures': ['Secured Compromised Email Account'],
'incident_response_plan_activated': True,
'third_party_assistance': 'External Cybersecurity Firm Hired for '
'Investigation'},
'threat_actor': 'Unauthorized Actor (Unknown)',
'title': 'Outcomes One Inc. Data Breach via Phishing Attack (2025)',
'type': 'Data Breach (Phishing)',
'vulnerability_exploited': 'Human Error (Falling for Phishing Scam)'}