On April 2, 2026, The New York Times published a profile of Matthew Gallagher, a 41-year-old entrepreneur from Los Angeles who used AI tools and $20,000 to build a telehealth company projecting $1.8 billion in revenue — with just two employees. The company, MEDVi, sells compounded GLP-1 weight-loss medications online. The Times framed it as the fulfillment of Sam Altman's prediction that AI would enable a single person to build a billion-dollar company.
It's a great story. There's just one problem: almost every patient-facing element of MEDVi appears to be fabricated.
The before-and-after photos are deepfakes. The doctors in the ads don't exist. The FDA issued a warning letter for false and misleading claims. The company's clinical infrastructure partner suffered a data breach exposing up to 1.6 million patient records. And a class-action lawsuit alleges that one of their key products — oral tirzepatide tablets — has no viable mechanism of absorption and cannot produce a therapeutic effect.
As a physician who prescribes GLP-1 medications every day, I find this story infuriating — not because someone built a fast-growing company with AI, but because the AI was used to manufacture trust that doesn't exist. And real people are injecting medications and swallowing tablets based on that manufactured trust.
The New York Times Told You a Fairy Tale
The Times profile reads like a Silicon Valley origin story. Gallagher launched MEDVi in September 2024, used ChatGPT, Claude, and other AI tools to build everything from the website code to the ad copy to the customer service chatbots. By his account, the company generated $401 million in sales in 2025 and is projecting $1.8 billion in 2026.
The Times was "given access" to Gallagher's financials to verify the numbers. But as independent analysis has pointed out, these are self-reported figures from a private Delaware LLC with no SEC filing, no audited financial statement, and no third-party verification. A founder showing a journalist his books is not the same as an audit.
What the Times profile did not mention is far more revealing than what it did.
What the Times Didn't Mention
Here's a timeline of what was publicly known about MEDVi before the Times published its glowing profile:
Every one of these facts was publicly available before the Times went to print. The Futurism investigation was nearly a year old. The FDA warning letter was on the FDA's own website. The class-action lawsuit was filed in federal court. And yet none of it appeared in the profile.
The Patients Are Fake
Futurism's investigation, published in May 2025 by reporter Maggie Harrison Dupré, found that MEDVi's website was a masterclass in AI-generated deception:
- Before-and-after photos were deepfakes. Real weight-loss images from years ago — taken from Reddit, Daily Mail, and Bored Panda — had their faces swapped using AI. One "patient," supposedly named "Michael P." who lost 48 pounds in five months on MEDVi's medications, was actually a Reddit user named u/iDoneDo whose transformation photos from 2017 documented his sobriety journey — years before semaglutide was even approved for weight loss.
- "Happy patient" images were AI-generated. The smiling individuals in sports bras and casual T-shirts showed telltale AI artifacts: unnaturally smooth hair, ears merging into heads, and the uncanny uniformity of generated faces.
- Media endorsement logos were misleading. MEDVi displayed logos from The New York Times, Bloomberg, Healthline, and Forbes — implying coverage from these outlets. Futurism found no evidence of NYT or Bloomberg mentions. The Forbes inclusion was from an independently produced "Best Of" affiliate list, not editorial coverage.
- Ad creatives contained AI-generated drug packaging. Futurism traced MEDVi's initial discovery to a digital ad featuring an obviously AI-generated Ozempic box with garbled text including "Solution fosic]" and "O)zenpic."
MEDVi's own website now includes a disclaimer acknowledging that individuals appearing in advertisements "may be actors or AI-generated portrayals." That disclaimer didn't exist when Futurism published its investigation. Think about what it means that a healthcare company is openly admitting its patient results are fabricated and its doctors may not be real.
The Doctors Are Fake Too
MEDVi's deception extends beyond patients to the physicians themselves. According to Futurism's reporting, the website listed real medical professionals — complete with names, headshots, and credentials — claiming they were part of MEDVi's care team. When Futurism contacted these doctors, at least one explicitly denied any association with MEDVi and requested to be removed from the site.
But it gets worse. In MEDVi's paid advertising — over 5,000 active ads on Meta's platform as documented in April 2026 — entirely fabricated doctor personas promote the service. Names like "Dr. Sarah Martin," "Dr. Monica Ashford," and "Dr. Lena Fischer" appear in Facebook ads wearing lab coats and offering medical endorsements. These people do not exist. They are fictional characters used to sell prescription medications.
As a physician, this is the part that makes my blood boil. A medical license represents years of training, board examinations, continuing education, and accountability. When a company fabricates doctors to sell drugs, they aren't just committing fraud — they're exploiting the trust that real physicians have earned. Every fake "Dr. Sarah Martin" makes it harder for patients to trust their actual doctor.
The FDA Warning Letter
On February 20, 2026 — six weeks before the Times profile — the FDA sent MEDVi a formal warning letter (Letter #721455). The specific violations:
- Misbranding: MEDVi displayed its own name on pictured medication labels, "suggesting MEDVi is the compounder of those drugs when in fact it is not." MEDVi is a marketing company. It doesn't compound anything.
- False implied FDA approval: Claims like "Same active ingredient as Wegovy® and Ozempic®" and "Same active ingredient as Mounjaro® and Zepbound®" implied that MEDVi's compounded products had been FDA-approved or evaluated for safety and effectiveness. They have not.
- Violation of federal law: The FDA determined these misbranded products were "introduced or delivered for introduction into interstate commerce in violation of section 301(a) of the FDCA."
To be clear: MEDVi was not the only company warned. In March 2026, the FDA issued warning letters to over 30 telehealth companies for similar violations. But MEDVi received its own individual letter — directly naming the company and its specific claims — and the Times didn't mention it.
As FDA Commissioner Marty Makary stated: "We are paying close attention to misleading claims being made by telehealth and pharma companies across all media platforms — and taking swift action."
The Oral Tirzepatide Problem
This may be the most scientifically damning element of the entire story. A nationwide class-action lawsuit filed in November 2025 against OpenLoop Health and Triad Rx — both part of MEDVi's clinical infrastructure — alleges that compounded oral tirzepatide tablets sold through their network are essentially inert.
The scientific argument is straightforward: there is no FDA-approved oral tirzepatide. Eli Lilly has spent years and billions of dollars developing an oral formulation of tirzepatide (currently in Phase 3 trials) precisely because peptides are notoriously difficult to absorb through the gastrointestinal tract. They require specialized absorption-enhancing delivery systems to survive stomach acid and reach the bloodstream.
The compounded oral tirzepatide tablets sold through the OpenLoop/Triad Rx network allegedly contained none of these delivery mechanisms. The lawsuit states they had "no demonstrated mechanism of absorption or efficacy" — meaning patients were paying hundreds of dollars for tablets that, according to the complaint, could not work as advertised.
Patients reported: no weight loss, actually gaining weight while taking the tablets, receiving defective or melting products, and being charged up to $399 without receiving their medication or a refund. These complaints are documented across BBB filings, Reddit posts, and the class-action complaint itself.
1.6 Million Patient Records Stolen
On January 7, 2026, OpenLoop Health — the white-label telehealth platform that provides MEDVi's clinical infrastructure — was breached by a threat actor using the handle "stuckin2019." The hacker claimed to have obtained 1.6 million patient records including names, addresses, email addresses, dates of birth, phone numbers, IP addresses, and medical information.
Because OpenLoop operates as a white-label provider, many patients may not even know their data was processed through OpenLoop's systems. If you signed up for MEDVi, your medical information was handled by OpenLoop — and may now be in the hands of a criminal. The exposed data included names, dates of birth, addresses, and medical information. Multiple class-action lawsuits have been filed alleging that OpenLoop failed to implement adequate data security measures and comply with HIPAA safeguards.
The Business Model: Acquire Customers, Outsource Everything
Understanding MEDVi's business model explains how all of this is possible. Gallagher didn't build a telehealth company. He built a marketing funnel.
MEDVi doesn't employ doctors. It doesn't compound medications. It doesn't run a pharmacy. It doesn't manage medical records. It partnered with CareValidate and OpenLoop Health for all clinical operations — the physicians, the prescription processing, the pharmacy fulfillment, and the regulatory compliance. Gallagher's entire job, by his own description, is customer acquisition.
AI handles everything else: the website code, the ad copy, the customer service chatbot, the analytics dashboards, the creative assets. The "two employees" are Gallagher and his brother, who "manages communication and filters out noise."
This is not healthcare. This is performance marketing wearing a lab coat. And when the lab coat is AI-generated, when the patient results are deepfaked, and when the doctors in the ads are fictional — what exactly are patients trusting?
| MEDVi-Style Operation | Physician-Led Practice | |
|---|---|---|
| Who evaluates you | A white-label medical group you've never heard of, contracted through a platform | A named, licensed physician who reviews your history and communicates directly |
| Patient testimonials | AI-deepfaked photos of stolen weight-loss journeys | Real outcomes from actual patients (or none at all — honesty over fabrication) |
| Doctors in ads | Fabricated personas with fake names and AI-generated photos | The actual physician who will treat you |
| Medication sourcing | Compounded by a third-party pharmacy, branded with the marketing company's name | Compounded by a named 503A/503B pharmacy with Certificate of Analysis |
| Who you contact with problems | An AI chatbot. Then maybe a customer service rep. The doctor who prescribed? Good luck finding them. | Your physician, directly |
| Data security | Your records processed by a white-label platform that suffered a 1.6M-record breach | HIPAA-compliant EMR with a BAA, controlled by your provider |
| Accountability when something goes wrong | A marketing company in Delaware with 2 employees | A licensed physician with a medical board, malpractice insurance, and a name |
How to Spot a Telehealth Red Flag
MEDVi is not the only company operating this way. The FDA warned 30+ telehealth companies in March 2026 alone. STAT News found that over 30% of the warned companies shared clinical infrastructure with just four medical groups. Many of these are marketing funnels masquerading as medical practices.
Here's how to protect yourself:
Red flags to watch for
- You can't find the name of a specific doctor who will treat you before you pay. If the site says "our medical team" without naming anyone — or lists doctors who appear on multiple unrelated telehealth sites — be suspicious.
- Before-and-after photos look too polished. Real patient results are messy — different lighting, different angles, different clothes. Deepfakes tend to be perfectly composed with matching backgrounds.
- The company brands the medication with its own name. If the vials say "CompanyName Semaglutide" rather than showing the actual compounding pharmacy name, the company is obscuring where your drugs actually come from.
- Prices seem impossibly low. If they're dramatically undercutting the market, ask yourself what they're cutting corners on. Often it's the medical oversight.
- You never speak to a healthcare provider before getting a prescription. A legitimate telehealth practice involves a real clinical evaluation — not just a checkout page.
- The site has logos from major media outlets. Check if those are real editorial mentions or paid affiliate content. Most of the time, they're the latter.
Questions to ask any telehealth provider
- What is the name and license number of the physician who will evaluate me?
- Which compounding pharmacy fills your prescriptions? Can I see a Certificate of Analysis?
- How will I communicate with my prescribing provider if I have a problem?
- Are you an independent medical practice, or a marketing company partnered with a medical group?
The Bottom Line
The MEDVi story is not really about one company. It's about what happens when the barriers to creating a "healthcare company" drop to $20,000 and a ChatGPT subscription.
AI is a powerful tool. It can streamline legitimate medical practices, improve patient communication, and reduce administrative overhead. But when the primary use of AI in a healthcare company is to generate fake doctors, fabricate patient results, produce misleading ad copy at scale, and replace human medical judgment with a checkout page — that's not innovation. That's fraud wearing a tech-forward costume.
The medications work. Tirzepatide, semaglutide — these are genuinely effective drugs with strong clinical evidence. But a drug is only as safe as the system that prescribes it, monitors it, and stands behind it. When that system is a two-person marketing operation running 5,000 Facebook ads with fake doctors, the drug isn't the product. You are.
Telehealth done right is a genuine advancement for patients. It eliminates geographic barriers, reduces costs, and makes physician oversight more accessible — not less. But it requires the same things in-person medicine requires: a real doctor, real accountability, real medications from real pharmacies, and honest communication. If any of those elements are fake, it's not telehealth. It's a storefront.
Sources cited in this article: The New York Times (April 2, 2026), Futurism / Maggie Harrison Dupré (May 29, 2025), FDA Warning Letter #721455 to MEDVi LLC (Feb 20, 2026), FDA Press Announcement — 30 Telehealth Warning Letters (March 3, 2026), STAT News (March 12, 2026), Chimicles Schwartz Kriner & Donaldson-Smith LLP — Oral Tirzepatide Class Action (Nov 2025), Almeida Law Group — OpenLoop Health Data Breach (2026), Paubox — OpenLoop Breach Analysis (March 26, 2026), Health Data Consortium — MEDVi Full Analysis (April 5, 2026), Charles & Systems / Substack — Independent Analysis (April 4, 2026), Coffeezilla/Voidzilla (April 4, 2026), Advisory Board (March 10, 2026), European Medical Journal (March 7, 2026).