Active breach tracker Houston, TX Disclosed December 9, 2025

Advanced Healthcare Professionals Data Breach 2025: ~1,800 Texans Affected · Hacking/IT Incident · Houston, TX. Filed With HHS OCR + Texas AG.

Advanced Healthcare Professionals, a Houston-based personal care attendant services provider, reported a data breach to the Texas Attorney General on December 9, 2025 affecting approximately 1,800 Texans, then filed a HIPAA breach notification with HHS OCR on December 31, 2025 listing 800 individuals in a Hacking/IT Incident at a Network Server. Exposed data included Social Security numbers, driver's license numbers, dates of birth, and medical and insurance information.

You have options. Scroll for the exact action steps, what your provider’s response covers, and what your health data needs beyond credit monitoring.

By HealthConsent Editorial Last updated Sources & methodology

Timeline

Dec 9, 2025

Advanced Healthcare Professionals filed a data-breach notification with the Texas Attorney General's office reporting approximately 1,800 Texans affected.

Dec 9, 2025

The company began notifying affected individuals directly, as required under Texas law.

Dec 31, 2025

HHS Office for Civil Rights breach portal entry posted: 800 individuals, Hacking/IT Incident, Network Server.

Data exposed

01

High-risk identity

Enables financial + identity theft

Social Security number Driver's license number Government-issued ID number (passport or state ID) Date of birth

03

Contact & insurance

Phishing + targeted scams

Full name Address Medical information Health insurance information
If you received a letter

Your action plan, in five steps.

You have more rights than the notification letter explains. Each step below is a concrete thing you can do today. Full detail and timing in the sections that follow.

01

Accept credit monitoring

It’s the floor of the response. Take it.

02

Freeze your credit

Free at Equifax, Experian, TransUnion.

03

File IRS Form 14039

Prevent fraudulent tax return under your SSN.

04

Review your EOBs

Insurance statements catch medical identity theft early.

05

Stop the ongoing flow

Credit monitoring doesn’t cover your health records. HealthConsent does.

Jump to step 5: protect my health data

Advanced Healthcare Professionals, a Houston-based provider of personal care attendant services that has operated in Texas for more than a decade, reported a data security incident to the Texas Attorney General’s office on December 9, 2025 affecting approximately 1,800 Texas residents, and subsequently filed a HIPAA breach notification with the U.S. Department of Health and Human Services Office for Civil Rights on December 31, 2025 listing 800 individuals in a Hacking/IT Incident at a Network Server. The discrepancy between the two filings has not been publicly reconciled; the Texas AG figure is generally the broader of the two and is reflected here as the working interim total.

The company has not publicly described how the intrusion occurred, when initial unauthorized access took place, or whether a ransomware group or other threat actor has been attributed to the event. Specifics of the response, containment, and remediation have not been disclosed beyond the regulatory filings.

Timeline

  • December 9, 2025 — Advanced Healthcare Professionals filed a breach notification with the Texas Attorney General reporting approximately 1,800 Texans affected, and began direct notifications to affected individuals.
  • December 12, 2025 — Public-facing reporting of the Texas AG filing began appearing in consumer-protection trackers.
  • December 31, 2025 — HHS Office for Civil Rights breach portal entry posted: 800 individuals, Hacking/IT Incident, Network Server.
  • As of May 2026 — No publicly filed class-action complaint has been identified in court dockets, though at least one plaintiffs’ firm portal is soliciting affected individuals for a lawsuit investigation.

Information exposed

Per the Texas Attorney General filing and consumer-protection reporting, the categories of personal and protected health information exposed include:

  • Full name
  • Address
  • Social Security number
  • Driver’s license number
  • Government-issued ID number (passport or state ID)
  • Date of birth
  • Medical information
  • Health insurance information

The combination of Social Security number, driver’s license number, and date of birth is the high-risk identity-theft trifecta. Inclusion of medical and insurance information further raises the risk of medical identity fraud, where stolen coverage is used to obtain prescriptions, procedures, or services in the patient’s name.

Credit monitoring and identity protection offering

Advanced Healthcare Professionals has not publicly disclosed whether complimentary credit monitoring or identity-theft protection is being offered to affected individuals. If you receive a notification letter, it should specify the duration, the vendor, and the enrollment deadline. If your letter omits this, contact the company directly to confirm.

Class-action status

As of this page’s last update, no class-action complaint against Advanced Healthcare Professionals has been identified on the federal PACER docket or major state court systems. Plaintiffs’ firms have begun soliciting potential class members through consumer-protection portals. Given the exposed data categories (SSN + DL + DOB + PHI), a class action is foreseeable; we will update this page when a complaint is filed.

What to do if you may be affected

  • Freeze your credit with Equifax, Experian, and TransUnion. It is free, takes about ten minutes per bureau, and is the single highest-leverage step against identity theft.
  • Watch for a notification letter at the address on file with Advanced Healthcare Professionals. The letter will list the specific data elements exposed and any complimentary credit-monitoring offered.
  • Place a fraud alert if you do not want to freeze your credit outright; one bureau will propagate the alert to the other two.
  • Monitor for medical identity theft: review the Explanation of Benefits statements from your health insurer for procedures or providers you do not recognize.
  • Be cautious of phishing referencing the breach. Threat actors frequently follow breach announcements with targeted phishing campaigns that impersonate the breached entity or its claims administrator.
  • Bookmark this page. We update it as new information becomes publicly available.

Sources on this page

Stop your data from spreading further

Credit monitoring covers your wallet. HealthConsent covers your health records.

Your stolen diagnoses, test results, and medical record numbers don’t expire when the free credit-monitoring window ends. HealthConsent automates HIPAA restriction requests and opt-outs across providers, insurers, HIEs, and prescription networks so the data taken in this breach can’t keep being shared and sold by other entities downstream.

Protect my health data

Cancel anytime · Family plan covers spouses + dependents

About this page

This page is compiled from public regulatory filings, the breached entity’s own disclosures, and reporting from established healthcare-privacy outlets. Some sections are assembled with the help of automated research and may contain errors, summaries that lag the underlying source, or details that have since been revised. Treat it as a starting point, not legal advice or an authoritative record. If you spot something inaccurate, the linked sources above are the canonical record. For questions about your individual situation, contact the breached entity directly or consult a licensed attorney.