Team Select Data Breach 2026 (Doctor Alliance Vendor): 949 Arizona Pediatric Home Health Patients Exposed. Same Vendor as BAYADA, Amedisys, LHC Group. What To Do
Team Select Home Care, a national pediatric and adult home health provider headquartered in Phoenix, AZ, was caught in the Doctor Alliance vendor breach also affecting BAYADA, Amedisys, and LHC Group. 949 Arizona patients exposed — likely medically complex pediatric Medicaid/CHIP children. Threat actor 'Kazu' demanded $200K ransom. Here is what to do.
You have options. Scroll for the exact action steps, what your provider’s response covers, and what your health data needs beyond credit monitoring.
Timeline
Oct 31, 2025
Unauthorized actor begins accessing Doctor Alliance web portal
Nov 7, 2025
Kazu posts on underground forum claiming 1.24M files / 353 GB stolen; demands $200K ransom
Nov 12, 2025
Doctor Alliance discovers the incident; DataBreaches.net first report
Nov 13, 2025
Doctor Alliance network disruption
Jan 12, 2026
Doctor Alliance notifies downstream covered entities including Team Select
Mar 12, 2026
Team Select files with HHS OCR (949 Arizona individuals)
Oct 31, 2025
Unauthorized actor begins accessing Doctor Alliance web portal
Nov 7, 2025
Kazu posts on underground forum claiming 1.24M files / 353 GB stolen; demands $200K ransom
Nov 12, 2025
Doctor Alliance discovers the incident; DataBreaches.net first report
Nov 13, 2025
Doctor Alliance network disruption
Jan 12, 2026
Doctor Alliance notifies downstream covered entities including Team Select
Mar 12, 2026
Team Select files with HHS OCR (949 Arizona individuals)
Data exposed
01
High-risk identity
Enables financial + identity theft
02
Health records
Don't expire and can't be reissued
03
Contact & insurance
Phishing + targeted scams
Class actions filed by
These firms have publicly announced investigations. You may be eligible to join. We are not a law firm and cannot give legal advice.
Your action plan, in five steps.
You have more rights than the notification letter explains. Each step below is a concrete thing you can do today. Full detail and timing in the sections that follow.
01
Accept credit monitoring
It’s the floor of the response. Take it.
02
Freeze your credit
Free at Equifax, Experian, TransUnion.
03
File IRS Form 14039
Prevent fraudulent tax return under your SSN.
04
Review your EOBs
Insurance statements catch medical identity theft early.
05
Stop the ongoing flow
Credit monitoring doesn’t cover your health records. HealthConsent does.
What happened
Team Select Home Care is a national pediatric + adult home health and private-duty nursing provider headquartered in Phoenix, Arizona. Service mix is heavily weighted toward long-term pediatric skilled nursing — medically complex and technology-dependent children on Medicaid and CHIP — plus adult private-duty nursing. Locations span Arizona, Colorado, Florida, Illinois, Oklahoma, Pennsylvania, Texas, and others.
The 949-person Arizona-filed count likely reflects only the AZ-resident slice; total US patient count across Team Select’s footprint is much larger.
This breach did not originate at Team Select’s own systems. It originated at Doctor Alliance, LLC, a Dallas-based third-party vendor that facilitates physician signatures on Home Health Certifications and Plans of Care. The same Doctor Alliance vendor breach also affects:
- BAYADA Home Health Care
- Amedisys (Optum subsidiary)
- LHC Group (Optum subsidiary)
Between October 31 and November 17, 2025, an unauthorized actor accessed Doctor Alliance’s web portal. The ransomware / extortion actor “Kazu” posted on an underground forum on November 7, claiming 1.24M files / 353 GB stolen and demanding $200,000 ransom. Doctor Alliance discovered the incident on November 12, 2025 and notified Team Select on January 12, 2026. Team Select filed with HHS OCR on March 12, 2026 — confirming 949 affected Arizona patients.
Why a pediatric medically complex population matters
Team Select’s Arizona book is dominated by long-term pediatric medically complex cases — children on home ventilators, with feeding tubes, complex medication regimens, and 24/7 nursing care needs. Exposed clinical detail likely includes:
- Minor patients’ diagnoses, ventilator and feeding-tube specifications, medication regimens
- Parent and legal guardian contact data
- Medicaid and CHIP enrollment IDs (consistent with the disclosed “health insurance information” category, though not explicitly confirmed for the Team Select cohort)
Pediatric medical records carry long-tail synthetic-identity-theft risk that doesn’t surface for years after the breach.
What was stolen
Per the Doctor Alliance breach corpus (applicable to Team Select patients):
- Full name, home address, phone, email
- Date of birth
- Social Security number
- Driver’s license / state ID
- Financial account information
- Medicare ID
- Medical record numbers
- Primary and secondary diagnoses
- Detailed treatment plans with codes
- Safety measures, medication and dosage
- Provider names, prescription information
- Health insurance, billing, and claim data
A sample of 533 patient-file images was posted publicly by Kazu.
What Team Select is offering
Team Select’s specific offer is not confirmed in publicly indexed sources — the company’s prior domain (teamselecthh.com) is not currently reachable, and no dedicated breach notice page has been located on the current corporate site (tshc.com). Other Doctor Alliance downstream entities (BAYADA, Amedisys, LHC Group) have offered standard credit monitoring and identity-theft protection. Read your specific notification letter for activation details.
Class actions
Class actions are targeting Doctor Alliance, not Team Select directly. Active investigations and filings by Migliaccio & Rathod LLP, Barnow & Associates, and Potter Handy. A federal class action against Doctor Alliance has been filed.
What to do
- Read your specific notification letter to confirm what data elements were involved and what credit monitoring is offered.
- Enroll in any monitoring offered.
- Place free credit freezes at Equifax, Experian, TransUnion. Full SSN, driver’s license, and financial accounts are in scope.
- File IRS Form 14039.
- If your child was a Team Select patient, freeze their credit at all three bureaus (minors require manual outreach with proof of guardianship). Pediatric medically complex records create exceptionally long-tail synthetic-identity-theft risk.
- Watch your Medicare or Medicaid Summary Notice for unfamiliar home-health claims.
- Stop the ongoing flow of your pediatric home-health data. HealthConsent files HIPAA restriction requests across pediatric home-health, durable medical equipment, and prescription networks.
Continue reading
Credit monitoring covers your wallet. HealthConsent covers your health records.
Your stolen diagnoses, test results, and medical record numbers don’t expire when the free credit-monitoring window ends. HealthConsent automates HIPAA restriction requests and opt-outs across providers, insurers, HIEs, and prescription networks so the data taken in this breach can’t keep being shared and sold by other entities downstream.
Protect my health dataCancel anytime · Family plan covers spouses + dependents
Sources & further reading
- HIPAA Journal: Vendor Data Breaches by Six HIPAA-Regulated Entities
- HIPAA Journal: Doctor Alliance Data Breach Claim
- DataBreaches.net: Doctor Alliance Data Breach
- Migliaccio & Rathod: Doctor Alliance Investigation
- Barnow Law: Doctor Alliance Investigation
- Team Select Home Care Corporate Site
- HHS OCR Breach Portal
Official HHS OCR Breach Portal: ocrportal.hhs.gov
About this page
This page is compiled from public regulatory filings, the breached entity’s own disclosures, and reporting from established healthcare-privacy outlets. Some sections are assembled with the help of automated research and may contain errors, summaries that lag the underlying source, or details that have since been revised. Treat it as a starting point, not legal advice or an authoritative record. If you spot something inaccurate, the linked sources above are the canonical record. For questions about your individual situation, contact the breached entity directly or consult a licensed attorney.