Supportive Home Health Care, Patriot Outpatient, LLC, Superior Care Plus and LLC: Patriot Outpatient Data Breach Affects 1,415 Patients

Northeast Ohio Healthcare Provider Reports Phishing-Led Data Breach Affecting 1,415 Individuals

Superior Care Plus, LLC (operating as Supportive Home Health Care and Patriot Outpatient, LLC) disclosed a data breach exposing the protected health information (PHI) and personally identifiable information (PII) of 1,415 patients. The incident stemmed from a phishing attack that compromised a single employee’s email account, first detected on November 17, 2025.

An investigation revealed that an unauthorized party accessed emails and files within the account, with the forensic review concluding on January 9, 2026. Exposed data included names, email addresses, health insurance policy numbers, treatment details, and residential information. For some individuals, Social Security numbers and Medicare numbers were also compromised.

Patriot Outpatient reported the breach to the U.S. Department of Health and Human Services (HHS) on January 16, 2026, and published a notice on its website. Affected individuals are being notified via mail, with a dedicated helpline (1-888-572-7322) established for inquiries. The company has implemented password changes and engaged cybersecurity experts to remediate the incident.

Source: https://www.claimdepot.com/data-breach/supportive-home-health-2026

Rehab Resources cybersecurity rating report: https://www.rankiteo.com/company/superior-care-plus

Supportive Home Health Care cybersecurity rating report: https://www.rankiteo.com/company/supportive-home-health-care

Patriot Healthcare cybersecurity rating report: https://www.rankiteo.com/company/patriot-healthcare

"id": "SUPSUPPAT1773081665",
"linkid": "superior-care-plus, supportive-home-health-care, patriot-healthcare",
"type": "Breach",
"date": "11/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': '1415',
                        'industry': 'Healthcare',
                        'location': 'Northeast Ohio',
                        'name': 'Superior Care Plus, LLC (Supportive Home '
                                'Health Care and Patriot Outpatient, LLC)',
                        'type': 'Healthcare Provider'}],
 'attack_vector': 'Phishing',
 'customer_advisories': 'Dedicated helpline (1-888-572-7322) established for '
                        'inquiries',
 'data_breach': {'number_of_records_exposed': '1415',
                 'personally_identifiable_information': ['Names',
                                                         'Email addresses',
                                                         'Health insurance '
                                                         'policy numbers',
                                                         'Treatment details',
                                                         'Residential '
                                                         'information',
                                                         'Social Security '
                                                         'numbers',
                                                         'Medicare numbers'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Protected health information '
                                              '(PHI)',
                                              'Personally identifiable '
                                              'information (PII)']},
 'date_detected': '2025-11-17',
 'date_publicly_disclosed': '2026-01-16',
 'description': 'Superior Care Plus, LLC (operating as Supportive Home Health '
                'Care and Patriot Outpatient, LLC) disclosed a data breach '
                'exposing the protected health information (PHI) and '
                'personally identifiable information (PII) of 1,415 patients. '
                'The incident stemmed from a phishing attack that compromised '
                'a single employee’s email account.',
 'impact': {'data_compromised': 'Protected health information (PHI) and '
                                'personally identifiable information (PII)',
            'identity_theft_risk': 'High (Social Security numbers and Medicare '
                                   'numbers exposed)',
            'systems_affected': 'Employee email account'},
 'investigation_status': 'Completed (forensic review concluded on January 9, '
                         '2026)',
 'post_incident_analysis': {'corrective_actions': 'Password changes, '
                                                  'engagement of cybersecurity '
                                                  'experts',
                            'root_causes': 'Phishing attack leading to '
                                           'compromised employee email '
                                           'account'},
 'references': [{'source': 'Patriot Outpatient website'}],
 'regulatory_compliance': {'regulations_violated': ['HIPAA'],
                           'regulatory_notifications': ['U.S. Department of '
                                                        'Health and Human '
                                                        'Services (HHS)']},
 'response': {'communication_strategy': 'Notice published on website, affected '
                                        'individuals notified via mail, '
                                        'dedicated helpline established',
              'containment_measures': 'Password changes',
              'third_party_assistance': 'Cybersecurity experts engaged'},
 'title': 'Northeast Ohio Healthcare Provider Reports Phishing-Led Data Breach',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Compromised employee email account'}