Advanced Healthcare Professionals Data Breach 2025: ~1,800 Texans Affected · Hacking/IT Incident · Houston, TX. Filed With HHS OCR + Texas AG.
Advanced Healthcare Professionals, a Houston-based personal care attendant services provider, reported a data breach to the Texas Attorney General on December 9, 2025 affecting approximately 1,800 Texans, then filed a HIPAA breach notification with HHS OCR on December 31, 2025 listing 800 individuals in a Hacking/IT Incident at a Network Server. Exposed data included Social Security numbers, driver's license numbers, dates of birth, and medical and insurance information.
You have options. Scroll for the exact action steps, what your provider’s response covers, and what your health data needs beyond credit monitoring.
Timeline
Dec 9, 2025
Advanced Healthcare Professionals filed a data-breach notification with the Texas Attorney General's office reporting approximately 1,800 Texans affected.
Dec 9, 2025
The company began notifying affected individuals directly, as required under Texas law.
Dec 31, 2025
HHS Office for Civil Rights breach portal entry posted: 800 individuals, Hacking/IT Incident, Network Server.
Dec 9, 2025
Advanced Healthcare Professionals filed a data-breach notification with the Texas Attorney General's office reporting approximately 1,800 Texans affected.
Dec 9, 2025
The company began notifying affected individuals directly, as required under Texas law.
Dec 31, 2025
HHS Office for Civil Rights breach portal entry posted: 800 individuals, Hacking/IT Incident, Network Server.
Data exposed
01
High-risk identity
Enables financial + identity theft
03
Contact & insurance
Phishing + targeted scams
Your action plan, in five steps.
You have more rights than the notification letter explains. Each step below is a concrete thing you can do today. Full detail and timing in the sections that follow.
01
Accept credit monitoring
It’s the floor of the response. Take it.
02
Freeze your credit
Free at Equifax, Experian, TransUnion.
03
File IRS Form 14039
Prevent fraudulent tax return under your SSN.
04
Review your EOBs
Insurance statements catch medical identity theft early.
05
Stop the ongoing flow
Credit monitoring doesn’t cover your health records. HealthConsent does.
Advanced Healthcare Professionals, a Houston-based provider of personal care attendant services that has operated in Texas for more than a decade, reported a data security incident to the Texas Attorney General’s office on December 9, 2025 affecting approximately 1,800 Texas residents, and subsequently filed a HIPAA breach notification with the U.S. Department of Health and Human Services Office for Civil Rights on December 31, 2025 listing 800 individuals in a Hacking/IT Incident at a Network Server. The discrepancy between the two filings has not been publicly reconciled; the Texas AG figure is generally the broader of the two and is reflected here as the working interim total.
The company has not publicly described how the intrusion occurred, when initial unauthorized access took place, or whether a ransomware group or other threat actor has been attributed to the event. Specifics of the response, containment, and remediation have not been disclosed beyond the regulatory filings.
Timeline
- December 9, 2025 — Advanced Healthcare Professionals filed a breach notification with the Texas Attorney General reporting approximately 1,800 Texans affected, and began direct notifications to affected individuals.
- December 12, 2025 — Public-facing reporting of the Texas AG filing began appearing in consumer-protection trackers.
- December 31, 2025 — HHS Office for Civil Rights breach portal entry posted: 800 individuals, Hacking/IT Incident, Network Server.
- As of May 2026 — No publicly filed class-action complaint has been identified in court dockets, though at least one plaintiffs’ firm portal is soliciting affected individuals for a lawsuit investigation.
Information exposed
Per the Texas Attorney General filing and consumer-protection reporting, the categories of personal and protected health information exposed include:
- Full name
- Address
- Social Security number
- Driver’s license number
- Government-issued ID number (passport or state ID)
- Date of birth
- Medical information
- Health insurance information
The combination of Social Security number, driver’s license number, and date of birth is the high-risk identity-theft trifecta. Inclusion of medical and insurance information further raises the risk of medical identity fraud, where stolen coverage is used to obtain prescriptions, procedures, or services in the patient’s name.
Credit monitoring and identity protection offering
Advanced Healthcare Professionals has not publicly disclosed whether complimentary credit monitoring or identity-theft protection is being offered to affected individuals. If you receive a notification letter, it should specify the duration, the vendor, and the enrollment deadline. If your letter omits this, contact the company directly to confirm.
Class-action status
As of this page’s last update, no class-action complaint against Advanced Healthcare Professionals has been identified on the federal PACER docket or major state court systems. Plaintiffs’ firms have begun soliciting potential class members through consumer-protection portals. Given the exposed data categories (SSN + DL + DOB + PHI), a class action is foreseeable; we will update this page when a complaint is filed.
What to do if you may be affected
- Freeze your credit with Equifax, Experian, and TransUnion. It is free, takes about ten minutes per bureau, and is the single highest-leverage step against identity theft.
- Watch for a notification letter at the address on file with Advanced Healthcare Professionals. The letter will list the specific data elements exposed and any complimentary credit-monitoring offered.
- Place a fraud alert if you do not want to freeze your credit outright; one bureau will propagate the alert to the other two.
- Monitor for medical identity theft: review the Explanation of Benefits statements from your health insurer for procedures or providers you do not recognize.
- Be cautious of phishing referencing the breach. Threat actors frequently follow breach announcements with targeted phishing campaigns that impersonate the breached entity or its claims administrator.
- Bookmark this page. We update it as new information becomes publicly available.
Sources on this page
- HHS Office for Civil Rights Breach Portal — the federal regulatory record of this breach (800 affected, Hacking/IT Incident, Network Server).
- Texas Attorney General Data Security Breach Reports — Texas state regulatory record (approximately 1,800 Texans affected).
- ClaimDepot — Advanced Healthcare Professionals Data Breach Impacts 1,800 Texans — independent consumer-protection summary of exposed data categories and notification timing.
- Texas Attorney General — Data Breach Reporting — the statutory framework under which the entity filed its Texas-side notification.
Credit monitoring covers your wallet. HealthConsent covers your health records.
Your stolen diagnoses, test results, and medical record numbers don’t expire when the free credit-monitoring window ends. HealthConsent automates HIPAA restriction requests and opt-outs across providers, insurers, HIEs, and prescription networks so the data taken in this breach can’t keep being shared and sold by other entities downstream.
Protect my health dataCancel anytime · Family plan covers spouses + dependents
Sources & further reading
- HHS Office for Civil Rights Breach Portal
- Texas Attorney General Data Security Breach Reports
- ClaimDepot — Advanced Healthcare Professionals Data Breach Impacts 1,800 Texans
- Texas Attorney General — Data Breach Reporting (statute & process)
Official HHS OCR Breach Portal: ocrportal.hhs.gov
About this page
This page is compiled from public regulatory filings, the breached entity’s own disclosures, and reporting from established healthcare-privacy outlets. Some sections are assembled with the help of automated research and may contain errors, summaries that lag the underlying source, or details that have since been revised. Treat it as a starting point, not legal advice or an authoritative record. If you spot something inaccurate, the linked sources above are the canonical record. For questions about your individual situation, contact the breached entity directly or consult a licensed attorney.