Whistleblower Files Suit Against Verily Alleging Widespread Patient Data Breach

A former executive of Alphabet-owned health-tech startup Verily has alleged that the company violated the Health Insurance Portability and Accountability Act (HIPAA) after it used patient data without authorization. According to CNBC, the whistleblower suit against Verily was in 2024. alleges that the startup fired him after he discovered the violations and informed the senior management.

The Patient Privacy Breach Lawsuit

The former executive, Ryan Sloan has detailed the Verily Healthcare privacy violation allegations in a complaint that’s pending in a San Francisco federal court. On September 8, 2025, the judge overseeing the case denied a request by the health tech startup to dismiss the complaint or refer it for arbitration. Verily views the complaint as an employment matter.

″Verily believes the allegations and contentions alleged in this employment matter that was commenced in 2023 are completely without merit. Verily is an equal opportunity employer, and takes its responsibility and commitment to abide by all laws and regulations seriously,” Verily spokesperson told CNBC in a statement.

Sloan joined Verily in 2020 as the Chief Commercial Officer for the startup’s diabetes and hypertension unit called Verily Onduo. In January 2022, the former executive alleged that he, alongside Onduo’s general counsel, Julia Feldman, realized that the startup had used patients’ data improperly. According to the former executive, Verily used the data in its marketing campaigns, research, national conferences, and press releases with little consideration to the legal implications of the HIPAA.

Privacy Breach Affected Big Clients

In the court complaint amended in June 2025, Sloan alleges that the extensive violation of patient data affected 25,000 patients who were on the Onduo diabetes program at the time. The complaint also states that Sloan and Feldman repeatedly raised patient data privacy concerns at Alphabet’s Verily with senior leaders.

According to the court filing, an internal federal investigation into Verily data confirmed various HIPAA breaches had taken place.

“Between January and March of 2022, internal investigators at Verily confirmed multiple breaches of fourteen (14) separate HIPAA Business Associate Agreements with large, covered entity clients of Onduo between 2017 and 2021,” the filing stated. Patients who accessed the diabetes program through these big clients, and are likely affected by the violations, include Highmark Health, Quest Diagnostics, Walgreens Boots Alliance, and Delta Airlines.

Without commenting on the lawsuit, Delta Airlines has said, “our employee’s personal information is important to us. We are looking into this and will make sure any impact to our people is appropriately addressed.”

Data privacy and consent have become a big issue across industries. In the tech industry, Amazon announced plans to discontinue Alexa’s local voice recording after data privacy concerns emerged. In 2024, a lobby group filed privacy complaints against Meta in 11 EU countries over concerns that the social media giant could use personal data to train AI models.

Breach of HIPAA Provisions

The HIPAA protects patient data in the U.S. Under this law, sensitive information should not be disclosed without the consent of a patient. The law also requires firms like Verily to inform patients who are affected by a data breach within 60 days of discovering the violation.

Sloan’s lawsuit outlines how Verily violated these provisions. In the court filing, the former executive states that the startup “decided to delay the decision of notifying the covered entities.” Instead, Verily negotiated for renewal of most of the contracts “without revealing that a HIPAA breach had recently occurred.”

The filing further states that, “During a contract negotiation between Verily and Highmark Health in August of 2022, Verily represented that it was in compliance with HIPAA at all times, while knowingly concealing that a HIPAA breach had occurred,” the filing said.

The health-tech startup terminated Sloan in January 2023. Prior to his termination, the former executive says he raised the Verily healthcare privacy violation issue with the then CEO Lisa Greenbaum in October 2022. Greenbaum allegedly defended the startup’s decision.

Sloan’s lawsuit is one among many mis-steps at Verily. The health-tech startup has struggled to develop a winning product even after raising over $1 billion from investors. Initially, the startup developed products such as continuous glucose monitors before switching to precision health.