Fieldtex products reports ransomware attack affecting 238,000 patients

Fieldtex Products, Inc., a New York-based medical supply fulfillment organization, is reporting a data breach that exposed protected health information of approximately 238,615 individuals. 

The company discovered unauthorized activity within its computer systems on or around August 19, 2025. The breach was claimed by the Akira ransomware group in early November, stating they had stolen approximately 14 GB of corporate data.

The threat actors announced they would make the stolen data available "soon" but as of December 2025, no files appeared to have been published on their leak site. The forensic investigation confirmed that a limited amount of protected health information may have been accessed during the incident. The compromised information includes:

• Patient names
• Addresses
• Dates of birth
• Insurance member identification numbers
• Plan names
• Effective terms
• Gender

Out of an abundance of caution, and on behalf of health plans that authorized direct notice, Fieldtex began notifying potentially affected individuals on November 20, 2025. The company submitted multiple breach reports to the U.S. Department of Health and Human Services' Office for Civil Rights, filing as a HIPAA business associate.

The company is offering complimentary credit monitoring services to individuals whose information may have been compromised in the incident. Fieldtex established a toll-free call center at (833) 866-8797, available from 8:00 AM to 8:00 PM Eastern Time, Monday through Friday (excluding holidays), to answer questions about the incident and address related concerns. Affected individuals can also contact the company via email at cyberincident@fieldtex.com or by writing to 2921 Brighton Henrietta Town Line Road, Rochester, NY 14623.