LHC Group patients affected by Doctor Alliance vendor data breach
LHC Group patients had their protected health information compromised due to a security incident at their technology vendor, Doctor Alliance. The breach, confined to Doctor Alliance's web-based portal, exposed names, dates of birth, demographic and health information, and insurance details for 8,644 individuals.
Signal context
First seen: May 22, 2026
Last updated: Jun 24, 2026
Status: Public signal
Key points
- Data breach at third-party vendor Doctor Alliance.
- 8,644 LHC Group individuals affected.
- Exposed data includes PII and PHI.
Signal analysis
BetaThis analysis groups the signal by industry, likely incident action and impacted security area. It helps compare this signal with other published signals without treating the labels as final determinations.
Sector: Finance and Insurance
Likely country: Location not provided
The feed marks multiple actor roles. Treat this as a review signal rather than a final attribution.
- Source type: outside the affected organization
- Source type: supplier or third-party involvement
Impact area: Confidentiality
Likely asset: User or customer data
- 14 signals in the same sector
- 66 signals with the same likely impact area
- 1 signal linked to this organization/domain
External sources
May 2026 Data Breach Round Up: Data Breaches Affect 9 HIPAA-regulated Entitieshttps://www.hipaajournal.com/may-2026-data-breach-round-up/Public source from hipaajournal.com.
LHC Group, Inc.is providing notice of a recent data privacy event experienced by Doctor Alliance, a third- party vendor to us anhttps://lhcgroup.com/wp-content/uploads/Website-Notice-2.27.2026.pdfPublic source from lhcgroup.com.
Related signals
Grouped by why the signal is relevant.
Texas Parks and Wildlife Department data breach exposes over 3 million driver's licenses
The Texas Parks and Wildlife Department (TPWD) disclosed a data breach at its license system vendor that exposed personal information for more than three million individuals. The compromised data included driver's license information, passport numbers, email addresses, phone numbers, and residential addresses. Social Security Numbers, dates of birth, or financial information were not impacted.
Nintendo confirms data stolen in WebMD subsidiary cyberattack
Nintendo of America confirmed that survey data was stolen from TinyPulse, a third-party service used internally for employee surveys. The company emphasized that its own systems were not compromised, and no personal customer or financial data was accessed. The data involved was limited to internal survey content from a small subset of employees, with most information dating back several years. The Shadowbyt3$ extortion group claimed responsibility, demanding a $2 million ransom.
American Express Insider Data Breach Reported
American Express was involved in an insider data breach where an employee accessed the personal financial information of an individual. An investigation by the Australian Privacy Commissioner found the company breached privacy laws by failing to implement adequate restrictions on staff access to customer accounts.
SoFi Hong Kong Confirms Third-Party Data Breach
SoFi Hong Kong, a subsidiary of the U.S.-based financial technology company SoFi, confirmed a data breach after unauthorized access was gained to a customer information database managed by a third-party vendor. The incident was detected on April 30, 2026, and publicly disclosed on June 8, 2026. The compromised data included names, dates of birth, addresses, email addresses, phone numbers, and employment and education information. The company stated that no account passwords or financial account numbers were reportedly exposed. The attack involved social engineering and exploitation of third-party vendor access. SoFi Hong Kong advised customers to remain vigilant for phishing attempts and suspicious activity.
NYC Health + Hospitals Data Breach Exposes 1.8 Million Records Including Biometrics
NYC Health + Hospitals experienced a major data breach, reportedly impacting about 1.8 million people. Attackers accessed and exfiltrated highly sensitive data, including personal information, medical records, insurance details, Social Security numbers, passports, driver's licenses, billing data, and biometric data such as fingerprints and palm prints. The intrusion began in November 2025, with suspicious activity detected on February 2, 2026. While the breach was reported to HHS on March 24, 2026, widespread public notification became prominent in May 2026, with reports on May 24, 2026. The incident is attributed to a third-party vendor compromise.
Singing River Health System reports data breach affecting patient information
Singing River Health System notified patients about a hacking incident where an unauthorized party accessed its computer network between December 19-21, 2025. Files containing patient information, including names, contact info, SSNs, driver's license numbers, dates of birth, bank account info, and health insurance details, were viewed and potentially copied.