BAYADA Data Breach Exposes Sensitive Health and Personal Information
BAYADA, a healthcare provider, recently disclosed a data breach involving sensitive personal and health information after its third-party vendor, Doctor Alliance, suffered a cybersecurity incident. The breach was first reported to BAYADA on December 4, 2025, prompting an investigation into the scope of the exposure.
Doctor Alliance confirmed that unauthorized access to its systems occurred during two separate periods: October 31–November 6, 2025, and November 14–17, 2025. The compromised data may include:
- Full names
- Social Security numbers
- Dates of birth
- Medical diagnoses and treatment details
- Provider and health insurance information
- Prescription records
- Hospital admission/discharge data
- Disability information
BAYADA posted a breach notice on its website and began mailing notifications to affected individuals on January 30, 2026. Impacted parties are being offered 12 months of complimentary credit monitoring and a detailed list of the exposed data specific to their records. The incident underscores the risks of third-party vendor vulnerabilities in healthcare data security.
Source: https://straussborrelli.com/2026/02/03/bayada-home-health-care-data-breach-investigation/
BAYADA TPRM report: https://www.rankiteo.com/company/bayada-home-health-care
Doctor Alliance TPRM report: https://www.rankiteo.com/company/doctor-alliance
"id": "docbay1770196217",
"linkid": "doctor-alliance, bayada-home-health-care",
"type": "Breach",
"date": "2/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Healthcare',
'name': 'BAYADA',
'type': 'Healthcare Provider'},
{'industry': 'Healthcare Services',
'name': 'Doctor Alliance',
'type': 'Third-party Vendor'}],
'attack_vector': 'Third-party vendor compromise',
'customer_advisories': 'Affected individuals are being offered 12 months of '
'complimentary credit monitoring and a detailed list '
'of the exposed data specific to their records.',
'data_breach': {'personally_identifiable_information': ['Full names',
'Social Security '
'numbers',
'Dates of birth',
'Provider and health '
'insurance '
'information'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal Identifiable '
'Information',
'Health Information']},
'date_detected': '2025-12-04',
'date_publicly_disclosed': '2026-01-30',
'description': 'BAYADA, a healthcare provider, recently disclosed a data '
'breach involving sensitive personal and health information '
'after its third-party vendor, Doctor Alliance, suffered a '
'cybersecurity incident. The breach was first reported to '
'BAYADA on December 4, 2025, prompting an investigation into '
'the scope of the exposure. Doctor Alliance confirmed '
'unauthorized access to its systems during two separate '
'periods: October 31–November 6, 2025, and November 14–17, '
'2025. The compromised data may include full names, Social '
'Security numbers, dates of birth, medical diagnoses and '
'treatment details, provider and health insurance information, '
'prescription records, hospital admission/discharge data, and '
'disability information.',
'impact': {'data_compromised': 'Sensitive personal and health information',
'identity_theft_risk': 'High'},
'investigation_status': 'Ongoing',
'lessons_learned': 'The incident underscores the risks of third-party vendor '
'vulnerabilities in healthcare data security.',
'post_incident_analysis': {'root_causes': 'Third-party vendor vulnerability'},
'references': [{'source': 'BAYADA Breach Notice'}],
'response': {'communication_strategy': 'Breach notice posted on website and '
'mailed notifications to affected '
'individuals'},
'title': 'BAYADA Data Breach Exposes Sensitive Health and Personal '
'Information',
'type': 'Data Breach'}