OpenLoop Health faces lawsuit over massive health-data cyberattack

A Des Moines company is facing a potential class action lawsuit over an alleged cyberattack that may have exposed the health data of 1.6 million people to unauthorized disclosure. OpenLoop Health, a digital-health infrastructure company that partners with various healthcare organizations in providing telehealth services to patients, is being sued in U.S. District Court for the Southern District of Iowa. Attorneys for the plaintiff, Kathy Morehart of Texas, allege Morehart and others who are part of a potential class of victims numbering in the thousands relied on OpenLoop to keep their private health information confidential. The lawsuit claims that on Jan. 7, 2026, a group of cybercriminals known as "stuckin2019" claimed to have hacked into OpenLoop's computer system and to have accessed a cache of highly sensitive and private information. The lawsuit alleges that stuckin2019 is claiming the information is linked to more than 1.6 million patients in the United States.