Enhabit Data Breach Affects 22,552 Patients: Details

On Feb. 5, 2026, Advanced Homecare Management, LLC dba Enhabit Home Health & Hospice "Enhabit," reported a data breach to the U.S. Department of Health and Human Services. The incident affected 22,552 individuals in the United States and involved sensitive patient information.

The incident was not caused by a direct attack on Enhabit Home Health & Hospice's systems, but rather through compromised credentials at Doctor Alliance, which provides a platform for transmitting medical information between doctors and home health agencies.

The unauthorized access took place in two separate windows: from Oct. 31, 2025, to Nov. 6, 2025, and again from Nov. 14, 2025, to Nov. 17, 2025.

During these periods, an unauthorized party accessed the Doctor Alliance platform using compromised credentials for a valid user account. This allowed the attacker to view data stored in the system, including names, addresses, dates of birth, gender, physician names, medical record numbers, certain clinical information and health plan numbers.

Notably, no Social Security numbers or financial information were exposed.

Enhabit posted an official notice to consumers on its website.

Enhabit Home Health & Hospice's response

Enhabit has encouraged all affected individuals to remain vigilant against identity theft and fraud. While no Social Security or financial data was involved, the exposure of both PII and PHI means there is still a risk of misuse. Those affected are advised to:

• Review account statements and monitor free credit reports for suspicious activity or errors
• Consider placing a fraud alert or security freeze on their credit reports with the major credit bureaus
• Contact the Federal Trade Commission or their state attorney general’s office if they suspect identity theft

A dedicated assistance line is available at 844-425-7470, Monday through Friday from 8 a.m. to 5:30 p.m. Central Time, excluding major U.S. holidays, to answer questions and provide support.