Fieldtex Products Data Breach 2025 (Akira Ransomware): 274,363 Health Plan Members Exposed Across 13 States. What To Do
Fieldtex Products, a Rochester NY medical-supply fulfillment business associate, was hit by the Akira ransomware group in August 2025. Four HHS OCR reports cover 274,363 individuals across downstream health plans including Medicare and AmeriHealth members. Here is what to do.
You have options. Scroll for the exact action steps, what your provider’s response covers, and what your health data needs beyond credit monitoring.
Timeline
Aug 19, 2025
Unauthorized activity identified on Fieldtex computer systems; network secured and third-party forensic investigators engaged.
Aug 19, 2025
Attacker gained access
Sep 30, 2025
Forensic analysis of affected data completed; protected health information confirmed exposed.
Nov 5, 2025
Akira ransomware group claims responsibility on its Tor leak site, alleging exfiltration of roughly 14 GB of data from Fieldtex's E-First Aid Supplies division.
Nov 20, 2025
Fieldtex files its first HHS OCR breach report (238,615 individuals) and posts a substitute notice on fieldtex.com.
Dec 3, 2025
Fieldtex files three additional HHS OCR breach reports on behalf of separate downstream health-plan customers, bringing the disclosed total to at least 274,363 individuals.
Dec 15, 2025
First class-action complaint filed in WDNY (Ruszin v. Fieldtex Products Inc., 6:25-cv-06768).
Jan 7, 2026
Second class-action complaint filed (Stair v. Fieldtex Products Inc., 6:26-cv-06024, Milberg PLLC).
Mar 17, 2026
Judge Elizabeth A. Wolford consolidates seven related cases into 6:25-cv-06768 and appoints interim co-lead counsel: Mason LLP, Barnow and Associates, Srourian Law Firm, and Israel David LLC.
Mar 31, 2026
Consolidated Amended Complaint filed with six named plaintiffs: Robert Ruszin, Pamela Wollenberg, Alegria Clark, Frank Hensley, Justin Stair, and Jessica Clark.
Aug 19, 2025
Unauthorized activity identified on Fieldtex computer systems; network secured and third-party forensic investigators engaged.
Aug 19, 2025
Attacker gained access
Sep 30, 2025
Forensic analysis of affected data completed; protected health information confirmed exposed.
Nov 5, 2025
Akira ransomware group claims responsibility on its Tor leak site, alleging exfiltration of roughly 14 GB of data from Fieldtex's E-First Aid Supplies division.
Nov 20, 2025
Fieldtex files its first HHS OCR breach report (238,615 individuals) and posts a substitute notice on fieldtex.com.
Dec 3, 2025
Fieldtex files three additional HHS OCR breach reports on behalf of separate downstream health-plan customers, bringing the disclosed total to at least 274,363 individuals.
Dec 15, 2025
First class-action complaint filed in WDNY (Ruszin v. Fieldtex Products Inc., 6:25-cv-06768).
Jan 7, 2026
Second class-action complaint filed (Stair v. Fieldtex Products Inc., 6:26-cv-06024, Milberg PLLC).
Mar 17, 2026
Judge Elizabeth A. Wolford consolidates seven related cases into 6:25-cv-06768 and appoints interim co-lead counsel: Mason LLP, Barnow and Associates, Srourian Law Firm, and Israel David LLC.
Mar 31, 2026
Consolidated Amended Complaint filed with six named plaintiffs: Robert Ruszin, Pamela Wollenberg, Alegria Clark, Frank Hensley, Justin Stair, and Jessica Clark.
Data exposed
03
Contact & insurance
Phishing + targeted scams
Class actions filed by
These firms have publicly announced investigations. You may be eligible to join. We are not a law firm and cannot give legal advice.
Your action plan, in five steps.
You have more rights than the notification letter explains. Each step below is a concrete thing you can do today. Full detail and timing in the sections that follow.
01
Accept credit monitoring
It’s the floor of the response. Take it.
02
Freeze your credit
Free at Equifax, Experian, TransUnion.
03
File IRS Form 14039
Prevent fraudulent tax return under your SSN.
04
Review your EOBs
Insurance statements catch medical identity theft early.
05
Stop the ongoing flow
Credit monitoring doesn’t cover your health records. HealthConsent does.
What happened
Fieldtex Products, Inc. is a Rochester, New York-based contract manufacturer and fulfillment vendor founded in 1973. Its E-First Aid Supplies division ships over-the-counter (OTC) benefit items to health plan members. As a HIPAA business associate, Fieldtex holds names, addresses, dates of birth, member IDs, plan names, plan effective terms, and gender for enrollees across multiple downstream covered entities, including Medicare Advantage and commercial health plans such as AmeriHealth. The company operates a 55,000-square-foot facility and employs over 150 staff.
On August 19, 2025, Fieldtex identified unauthorized access to its computer systems, immediately secured its network, and engaged a third-party forensic investigation team. By September 30, 2025, the review confirmed that protected health information had been accessible to the attacker. On November 5, 2025, the Akira ransomware group claimed responsibility on its Tor-based leak site, alleging exfiltration of roughly 14 GB of data from the E-First Aid Supplies division, including employee, customer, and financial documents.
Fieldtex filed its first HHS OCR breach report on November 20, 2025, covering 238,615 individuals, and posted a substitute notice on its corporate website the same day. On December 3, 2025, Fieldtex filed three additional OCR reports on behalf of separate downstream covered-entity customers, bringing the total publicly disclosed count to at least 274,363 individuals. The company notified at least 13 state attorneys general, with filings documented in California, Iowa, Maine, Massachusetts (December 24, 2025), Montana, Nebraska, New Hampshire, Oregon, Rhode Island, South Carolina, Texas, Vermont, and Washington.
What was stolen
According to Fieldtex’s own notice, corroborated by the South Carolina AG consumer notice letter and trade press reporting, the confirmed exposed data elements are:
- Full name
- Home address
- Date of birth
- Insurance member identification number
- Health plan name
- Plan effective terms
- Gender
No Social Security numbers, financial account numbers, payment card data, or clinical treatment records were identified as exposed by Fieldtex’s forensic review. Fieldtex stated there is no indication the data has been misused; however, Akira’s claim of exfiltration means the data left Fieldtex’s control regardless of observed misuse.
What Fieldtex is offering
Fieldtex arranged 12 months of complimentary credit monitoring through Cyberscout, a TransUnion company, for affected individuals. The enrollment deadline was 90 days from the date of the notification letter (letters were dated December 3, 2025, making the deadline approximately March 3, 2026). That enrollment window has now closed for most recipients.
Contact details for Fieldtex’s dedicated response team:
- Hotline: 833-866-8797, Monday through Friday, 8:00 AM to 8:00 PM Eastern Time (excluding holidays)
- Email: [email protected]
- Mail: Fieldtex Products Inc., c/o Cyberscout, PO Box 1286, Dearborn, MI 48120-9998
Because Fieldtex is a business associate rather than your health plan, your notification letter may arrive on the letterhead of your insurer or benefits administrator. If you received a letter referencing “Fieldtex Products,” “E-First Aid Supplies,” or an over-the-counter benefit fulfillment vendor, this is the incident it relates to.
Class actions
Multiple lawsuits were filed within weeks of the breach disclosure and have since been consolidated before Judge Elizabeth A. Wolford in the Western District of New York.
The lead case is Ruszin v. Fieldtex Products Inc. (Case No. 6:25-cv-06768, WDNY), first filed December 15, 2025 by Mason LLP. On March 17, 2026, Judge Wolford consolidated seven related cases into that docket, terminating the individual actions (25-cv-6778, 25-cv-6799, 25-cv-6811, 25-cv-6817, 25-cv-6827, and 26-cv-6024). The court appointed four firms as Interim Co-Lead Counsel: Mason LLP (Gary E. Mason), Barnow and Associates, P.C. (Ben Barnow), Srourian Law Firm, P.C. (Daniel Srourian), and Israel David LLC (Israel David). Milberg PLLC filed the Stair case (January 7, 2026), which was absorbed into the consolidated proceeding.
On March 31, 2026, plaintiffs filed the Consolidated Amended Complaint on behalf of six named plaintiffs: Robert Ruszin, Pamela Wollenberg, Alegria Clark, Frank Hensley, Justin Stair, and Jessica Clark.
Additional firms that publicly announced investigations but have not appeared in the court docket include Abington Cole + Ellery, Federman & Sherwood, Almeida Law Group, and Cafferty Clobes Meriwether & Sprengel. ClassAction.org closed its investigation in December 2025 without reporting a separately filed case.
Keep your notification letter. It is your proof of class membership if the case is certified and a settlement fund is established.
What to do
- Place credit freezes at Equifax, Experian, and TransUnion. Freezes are free, reversible, and the highest-leverage protection against new accounts opened with the exposed identity elements.
- The Cyberscout monitoring enrollment window has closed (deadline was approximately March 3, 2026 for most recipients). If you have not yet enrolled and believe you are still within your letter’s deadline, contact the hotline at 833-866-8797 to confirm your options.
- Review your insurance Explanation of Benefits for unfamiliar providers or claims. Member ID exposure creates risk of medical identity theft that credit monitoring alone does not catch.
- Watch your Medicare Summary Notice if you are a Medicare Advantage member. Fraudulent billing under your member ID can appear months after a breach.
- File IRS Form 14039 if your Social Security number was separately exposed. Fieldtex’s own notice does not confirm SSN exposure, but Akira claimed broad document exfiltration; check your specific notification letter for the confirmed data elements.
- Keep your notification letter. A consolidated class action is now pending in federal court (Ruszin v. Fieldtex, WDNY). Your notification letter is your proof of class membership and will be required by any settlement claims administrator.
- Stop the ongoing flow of your health plan member data. HealthConsent files HIPAA restriction requests so the insurance and benefits information exposed in this breach is not continuously re-shared across health plan vendor networks.
Continue reading
Credit monitoring covers your wallet. HealthConsent covers your health records.
Your stolen diagnoses, test results, and medical record numbers don’t expire when the free credit-monitoring window ends. HealthConsent automates HIPAA restriction requests and opt-outs across providers, insurers, HIEs, and prescription networks so the data taken in this breach can’t keep being shared and sold by other entities downstream.
Protect my health dataCancel anytime · Family plan covers spouses + dependents
Sources & further reading
- Fieldtex Products — Notification of Data Security Incident (company substitute notice)
- HIPAA Journal — Health Plan Members' PHI Exposed in Cyberattack on Fieldtex Products
- SecurityWeek — Fieldtex Data Breach Impacts 238,000
- BankInfoSecurity — Fieldtex, TriZetto Reveal New Healthcare Breaches
- Abington Cole + Ellery — Fieldtex Products Data Breach Class Action Investigation
- Federman & Sherwood — Fieldtex Products Investigation
- Barnow and Associates — Fieldtex Products Investigation
- South Carolina AG — FieldTex Products Consumer Notice Letter (AmeriHealth)
- ClaimDepot — Fieldtex Products Data Breach Affects 274,363 Individuals (state AG filing tracker)
- HHS Office for Civil Rights Breach Portal
- PacerMonitor — Ruszin v. Fieldtex Products Inc. (6:25-cv-06768, WDNY) — Consolidated Class Action Docket
- PacerMonitor — Stair v. Fieldtex Products Inc. (6:26-cv-06024, WDNY) — Individual Case (consolidated)
Official HHS OCR Breach Portal: ocrportal.hhs.gov
About this page
This page is compiled from public regulatory filings, the breached entity’s own disclosures, and reporting from established healthcare-privacy outlets. Some sections are assembled with the help of automated research and may contain errors, summaries that lag the underlying source, or details that have since been revised. Treat it as a starting point, not legal advice or an authoritative record. If you spot something inaccurate, the linked sources above are the canonical record. For questions about your individual situation, contact the breached entity directly or consult a licensed attorney.