Active breach tracker Phoenix, AZ HQ Disclosed March 12, 2026 Part of Doctor Alliance cluster

Team Select Data Breach 2026 (Doctor Alliance Vendor): 949 Arizona Pediatric Home Health Patients Exposed. Same Vendor as BAYADA, Amedisys, LHC Group. What To Do

Team Select Home Care, a national pediatric and adult home health provider headquartered in Phoenix, AZ, was caught in the Doctor Alliance vendor breach also affecting BAYADA, Amedisys, and LHC Group. 949 Arizona patients exposed — likely medically complex pediatric Medicaid/CHIP children. Threat actor 'Kazu' demanded $200K ransom. Here is what to do.

You have options. Scroll for the exact action steps, what your provider’s response covers, and what your health data needs beyond credit monitoring.

By HealthConsent Editorial Last updated Sources & methodology

Timeline

Oct 31, 2025

Unauthorized actor begins accessing Doctor Alliance web portal

Nov 7, 2025

Kazu posts on underground forum claiming 1.24M files / 353 GB stolen; demands $200K ransom

Nov 12, 2025

Doctor Alliance discovers the incident; DataBreaches.net first report

Nov 13, 2025

Doctor Alliance network disruption

Jan 12, 2026

Doctor Alliance notifies downstream covered entities including Team Select

Mar 12, 2026

Team Select files with HHS OCR (949 Arizona individuals)

Data exposed

01

High-risk identity

Enables financial + identity theft

Date of birth Social Security number Driver's license / state ID

02

Health records

Don't expire and can't be reissued

Medical record numbers Primary and secondary diagnoses Detailed treatment plans with codes Medication and dosage Prescription information

03

Contact & insurance

Phishing + targeted scams

Full name Home address, phone, email Financial account information Medicare ID Safety measures Provider names Health insurance / billing / claim data

Class actions filed by

These firms have publicly announced investigations. You may be eligible to join. We are not a law firm and cannot give legal advice.

Migliaccio & Rathod LLP (Doctor Alliance class action) Barnow & Associates (Doctor Alliance class action) Potter Handy (Doctor Alliance class action)
If you received a letter

Your action plan, in five steps.

You have more rights than the notification letter explains. Each step below is a concrete thing you can do today. Full detail and timing in the sections that follow.

01

Accept credit monitoring

It’s the floor of the response. Take it.

02

Freeze your credit

Free at Equifax, Experian, TransUnion.

03

File IRS Form 14039

Prevent fraudulent tax return under your SSN.

04

Review your EOBs

Insurance statements catch medical identity theft early.

05

Stop the ongoing flow

Credit monitoring doesn’t cover your health records. HealthConsent does.

Jump to step 5: protect my health data

What happened

Team Select Home Care is a national pediatric + adult home health and private-duty nursing provider headquartered in Phoenix, Arizona. Service mix is heavily weighted toward long-term pediatric skilled nursing — medically complex and technology-dependent children on Medicaid and CHIP — plus adult private-duty nursing. Locations span Arizona, Colorado, Florida, Illinois, Oklahoma, Pennsylvania, Texas, and others.

The 949-person Arizona-filed count likely reflects only the AZ-resident slice; total US patient count across Team Select’s footprint is much larger.

This breach did not originate at Team Select’s own systems. It originated at Doctor Alliance, LLC, a Dallas-based third-party vendor that facilitates physician signatures on Home Health Certifications and Plans of Care. The same Doctor Alliance vendor breach also affects:

Between October 31 and November 17, 2025, an unauthorized actor accessed Doctor Alliance’s web portal. The ransomware / extortion actor “Kazu” posted on an underground forum on November 7, claiming 1.24M files / 353 GB stolen and demanding $200,000 ransom. Doctor Alliance discovered the incident on November 12, 2025 and notified Team Select on January 12, 2026. Team Select filed with HHS OCR on March 12, 2026 — confirming 949 affected Arizona patients.

Why a pediatric medically complex population matters

Team Select’s Arizona book is dominated by long-term pediatric medically complex cases — children on home ventilators, with feeding tubes, complex medication regimens, and 24/7 nursing care needs. Exposed clinical detail likely includes:

  • Minor patients’ diagnoses, ventilator and feeding-tube specifications, medication regimens
  • Parent and legal guardian contact data
  • Medicaid and CHIP enrollment IDs (consistent with the disclosed “health insurance information” category, though not explicitly confirmed for the Team Select cohort)

Pediatric medical records carry long-tail synthetic-identity-theft risk that doesn’t surface for years after the breach.

What was stolen

Per the Doctor Alliance breach corpus (applicable to Team Select patients):

  • Full name, home address, phone, email
  • Date of birth
  • Social Security number
  • Driver’s license / state ID
  • Financial account information
  • Medicare ID
  • Medical record numbers
  • Primary and secondary diagnoses
  • Detailed treatment plans with codes
  • Safety measures, medication and dosage
  • Provider names, prescription information
  • Health insurance, billing, and claim data

A sample of 533 patient-file images was posted publicly by Kazu.

What Team Select is offering

Team Select’s specific offer is not confirmed in publicly indexed sources — the company’s prior domain (teamselecthh.com) is not currently reachable, and no dedicated breach notice page has been located on the current corporate site (tshc.com). Other Doctor Alliance downstream entities (BAYADA, Amedisys, LHC Group) have offered standard credit monitoring and identity-theft protection. Read your specific notification letter for activation details.

Class actions

Class actions are targeting Doctor Alliance, not Team Select directly. Active investigations and filings by Migliaccio & Rathod LLP, Barnow & Associates, and Potter Handy. A federal class action against Doctor Alliance has been filed.

What to do

  1. Read your specific notification letter to confirm what data elements were involved and what credit monitoring is offered.
  2. Enroll in any monitoring offered.
  3. Place free credit freezes at Equifax, Experian, TransUnion. Full SSN, driver’s license, and financial accounts are in scope.
  4. File IRS Form 14039.
  5. If your child was a Team Select patient, freeze their credit at all three bureaus (minors require manual outreach with proof of guardianship). Pediatric medically complex records create exceptionally long-tail synthetic-identity-theft risk.
  6. Watch your Medicare or Medicaid Summary Notice for unfamiliar home-health claims.
  7. Stop the ongoing flow of your pediatric home-health data. HealthConsent files HIPAA restriction requests across pediatric home-health, durable medical equipment, and prescription networks.

Continue reading

Stop your data from spreading further

Credit monitoring covers your wallet. HealthConsent covers your health records.

Your stolen diagnoses, test results, and medical record numbers don’t expire when the free credit-monitoring window ends. HealthConsent automates HIPAA restriction requests and opt-outs across providers, insurers, HIEs, and prescription networks so the data taken in this breach can’t keep being shared and sold by other entities downstream.

Protect my health data

Cancel anytime · Family plan covers spouses + dependents

About this page

This page is compiled from public regulatory filings, the breached entity’s own disclosures, and reporting from established healthcare-privacy outlets. Some sections are assembled with the help of automated research and may contain errors, summaries that lag the underlying source, or details that have since been revised. Treat it as a starting point, not legal advice or an authoritative record. If you spot something inaccurate, the linked sources above are the canonical record. For questions about your individual situation, contact the breached entity directly or consult a licensed attorney.