Hims & Hers, a telehealth company, announced that hackers broke into a third-party customer support platform and stole data linked to customer service requests.
This adds to ongoing security concerns in the healthcare sector, which already faces pressure over protecting sensitive user information.
Breach centered on a third-party support platform
TechCrunch reported that Hims & Hers said attackers got into its third-party ticketing system between February 4 and February 7, taking a large number of support tickets with customer-submitted information.
The company’s notice said the stolen data included customer names and contact details, but did not specify what other personal data might have been taken.
TechBuzz also described the incident as a breach of the company’s customer support system, which was disclosed almost two months after it happened.
Hims says medical records were not affected
A key point in the disclosure is what Hims & Hers says was not accessed.
The company said customer medical records were not affected by the breach. However, the report also noted that support systems can still contain sensitive information, since users often share account concerns, personal details, and health-related context when seeking help. This means that even without access to formal medical records, attackers may have obtained private information.
Jake Martin, a spokesperson for Hims & Hers, shared that the company was targeted by a social engineering attack, where attackers tricked employees into giving them access. Martin said the stolen data “primarily included customer names and email addresses.” However, the company did not give more details about what else might have been taken when asked.
Number of affected customers is still unclear
Hims & Hers has not yet said how many people were affected.
TechCrunch reported that the company did not share the total number of individuals whose information may have been compromised. The report also noted that California law requires companies to notify the attorney general if a breach affects 500 or more state residents. This explains why the filing became public, even though the company has not given a full number.
Support systems are becoming a softer target
This incident is part of a larger trend in recent cyberattacks.
Customer support and ticketing systems are becoming more attractive to hackers because they store a lot of customer information. Take for example last year’s Discord breach as how support databases can expose sensitive identity documents and other personal records if compromised. In the case of Hims & Hers, the company did not reveal whether it had received any messages from the hackers, such as a ransom demand.
Why this matters for telehealth
For a company that sells weight-loss treatments and sexual-health prescriptions, even a breach that does not involve core medical records can be serious.
Telehealth platforms often connect health, identity, billing, and personal communication, so customer support data can reveal more than a typical help-desk file.
Hims & Hers says medical records were not affected, but the disclosure shows a tough reality for digital health providers: when users share sensitive questions with support, that channel can become a security risk.
