Outcomes One alerts 149,000 Aetna members to email breach following phishing attack

Outcomes One, Inc., a Florida-based provider of medication therapy management and adherence technology for health plans, is notifying 149,094 individuals that their personal information may have been exposed in an email security incident linked to a phishing attack.

The company reported that on July 1, 2025, an employee detected unusual activity in his email account and immediately alerted the security team. The account was secured within an hour, and an investigation confirmed that an unauthorized party had gained access after the employee responded to a phishing email. Outcomes One emphasized that the breach was limited to the single compromised account.

A review of the account found that it contained names paired with one or more data types, including demographic details, health insurance information, medication information, and the names of medical providers. A breach notice filed with the California Attorney General specified that the affected individuals were members of Aetna health insurance plans.

To prevent similar incidents, Outcomes One said it has provided its workforce with additional training to identify phishing attempts and has strengthened safeguards designed to protect sensitive data. The company noted that protecting patient information remains a priority as it works to enhance its security posture.