22,552 Individuals Affected by Advanced Homecare Management LLC Data Breach

February 22, 2026HIPAA News Today0

Advanced Homecare Management, LLC, with business name Enhabit Home Health & Hospice, in Dallas, Texas, reported a breach affecting the protected health information (PHI) of 22,552 individuals following unauthorized access to systems managed by a business associate.

Incident Notification and Regulatory Filing

Advanced Homecare Management filed a notification of a hacking and IT-related security incident with the U.S. Department of Health and Human Services on February 5, 2026. According to the report, the unauthorized access occurred on a network server, and the breach was formally submitted to federal regulators on that date.

Scope Of Compromised Information

Enhabit Home Health & Hospice informed affected individuals that their personal data and PHI may have been compromised. Categories of data potentially involved in the breach include individual names, Social Security numbers, medical data, health insurance details, and other sensitive information. The organization has not disclosed additional specifics about the nature of the data categories beyond those listed.

Business Associate and Unauthorized Access

The breach stemmed from a security incident involving a business associate, Doctor Alliance, which operates a platform that exchanges medical information among physicians and home health agencies or hospices. On December 5, 2025, Doctor Alliance notified Enhabit that its platform had been subject to unauthorized access during two separate periods: October 31 through November 6, 2025, and November 14 through November 17, 2025. An unauthorized actor used valid credentials for a user account to gain access to the platform, exposing protected health information stored there.

Protected Health Information Categories Identified

The information accessed through the platform included patient names, addresses, dates of birth, gender details, physician names, medical record numbers, clinical data, and health plan identifiers. Enhabit stated that Social Security numbers and financial information were not compromised in the unauthorized access.

Regulatory Reporting and Status

The breach notification has been submitted to federal regulators, but the incident is not yet listed on the U.S. Department of Health and Human Services Office for Civil Rights (OCR) breach portal at the time of reporting.

Investigation and Legal Review

Federman & Sherwood, a law firm specializing in data breach litigation, is investigating whether Advanced Homecare Management implemented appropriate cybersecurity safeguards and whether affected individuals may have legal claims related to the breach.

About Thomas Brown
Thomas Brown worked as a reporter for several years on ComplianceHome. Thomas is a seasoned journalist with several years experience in the healthcare sector and has contributed to healthcare and information technology news publishers. Thomas has a particular interest in the application of healthcare information technology to better serve the interest of patients, including areas such as data protection and innovations such as telehealth. Follow Thomas on X https://x.com/Thomas7Brown

ComplianceHome is a registered trademark. Copyright © 2026 ComplianceHome. All rights reserved.