Standards Home Health, Inc., a Texas-based in-home healthcare provider doing business as Adaptive Home Health, reported a significant data breach involving sensitive personally identifiable information and protected health information on January 5, 2026. The company notified the Texas Attorney General and began reaching out to affected patients following the discovery of the breach. Investigation into the incident was launched on January 6, 2026, by Strauss Borrelli PLLC, a law firm specializing in data breach and privacy matters. Standards Home Health serves approximately 2,000 patients weekly and employs over 300 staff members, meaning a substantial number of individuals could be impacted by the compromised data.
The breach exposed sensitive data that healthcare providers are legally required to protect under federal privacy laws. For patients who received physical therapy, orthopedic rehabilitation, specialty wound care, infusion therapy, or nursing services from Standards Home Health, the exposed information could potentially include names, addresses, Social Security numbers, insurance information, and detailed health records. The exact number of affected individuals has not been publicly disclosed, though the company’s patient volume suggests the potential exposure is substantial.
Table of Contents
- What Data Was Compromised in the Standards Home Health Breach?
- Why Does the Standards Home Health Breach Matter Legally?
- How Many People Were Affected by the Breach?
- What Should Affected Individuals Do?
- What Legal Options Do Affected Individuals Have?
- How Does This Breach Reflect Broader Healthcare Cybersecurity Challenges?
- What Should Patients Know About Settlement Compensation?
What Data Was Compromised in the Standards Home Health Breach?
Standards Home Health reported that the breach involved both personally identifiable information (PII) and protected health information (PHI). PII typically includes names, addresses, phone numbers, social Security numbers, and financial information. PHI includes detailed medical records, diagnoses, treatment histories, medication lists, and insurance details.
Because Standards Home Health provides comprehensive in-home healthcare services—including physical therapy, orthopedic rehabilitation, specialty wound care, infusion therapy, and nursing care—the breached records likely contained detailed clinical information about patients’ medical conditions and treatment plans. The combination of PII and PHI in a single breach creates heightened risk for identity theft and medical fraud. For example, a bad actor with access to both a patient’s Social Security number and their insurance information could potentially file fraudulent claims or open accounts in the patient’s name. Additionally, sensitive health information could be sold on the dark web or used for targeted scams where criminals impersonate healthcare providers requesting updated insurance or banking information.
Why Does the Standards Home Health Breach Matter Legally?
Healthcare data breaches fall under the jurisdiction of the Health Insurance Portability and Accountability Act (HIPAA), which establishes strict requirements for protecting patient privacy and mandates breach notification procedures. Standards Home Health’s immediate notification to the Texas Attorney General and affected individuals suggests compliance with these notification requirements, but the breach itself indicates a failure in the company’s data security practices. When healthcare providers fail to implement and maintain adequate security safeguards, they may face regulatory penalties, lawsuits from affected patients, and settlement obligations.
However, if Standards Home Health can demonstrate that they took reasonable security measures and were victims of a sophisticated attack—rather than neglecting basic security practices—their liability exposure may be more limited. The investigation being conducted by Strauss Borrelli PLLC will likely examine whether the company failed to implement standard protections like encryption, multi-factor authentication, or regular security audits. If negligence is found, affected individuals may have grounds for a class action lawsuit seeking compensation for costs related to credit monitoring, identity theft prevention, time spent addressing the breach, and damages for the unauthorized disclosure of private health information.
How Many People Were Affected by the Breach?
At the time Standards Home Health reported the breach in early January 2026, the company had not publicly disclosed the total number of affected individuals. Given that the company serves over 2,000 patients per week and employs 300 staff members, the potential affected population could be very large. The actual number likely depends on factors such as the timeframe during which the breach occurred, which systems were compromised, and whether only current patients or also former patients were impacted.
The delayed disclosure of specific numbers is not uncommon in healthcare breaches, as determining the exact scope of compromised data can take time. However, affected individuals who believe their information was exposed have the right to know specific details about what was compromised and when the company discovered the breach. Patients who received services from Standards Home Health or Adaptive Home Health during the relevant time period should monitor official notifications from the company and consider placing a fraud alert or credit freeze with the major credit bureaus as a precautionary measure, regardless of whether they’ve received formal notice of the breach.
What Should Affected Individuals Do?
Patients who received services from Standards Home Health or Adaptive Home Health should take several protective steps immediately. First, monitor your credit reports by requesting free reports from all three major credit bureaus (Equifax, Experian, and TransUnion) at annualcreditreport.com. Look for any accounts or inquiries you don’t recognize. Second, consider placing a fraud alert on your credit file, which alerts lenders to verify your identity before opening new accounts.
Third, monitor your explanation of benefits (EOB) statements from your health insurance for any medical services you didn’t receive, as this is a common indicator of medical identity theft. Unlike a credit freeze, which completely restricts new credit inquiries, a fraud alert remains in place for one year and can be renewed. A fraud alert is appropriate if you suspect your information may have been compromised, while a credit freeze is a more aggressive step that requires lifting temporarily whenever you want to apply for credit. Additionally, watch for unsolicited calls or emails claiming to be from healthcare providers or insurance companies asking for personal information—this is a common scam targeting healthcare breach victims. Never provide sensitive information to unsolicited callers, even if they claim to represent Standards Home Health or your insurance company.
What Legal Options Do Affected Individuals Have?
Affected individuals may have the right to pursue compensation through a class action lawsuit against Standards Home Health for negligent data security practices. Class action lawsuits consolidate claims from many affected parties, allowing them to pursue legal action without bearing the full cost of litigation. In healthcare data breach cases, settlements often include compensation for costs related to identity theft protection services, credit monitoring, out-of-pocket expenses incurred due to the breach, and sometimes additional damages for the violation of privacy rights. However, not all healthcare data breaches result in successful lawsuits or settlements.
Whether a case has merit depends on evidence showing that the company failed to implement reasonable security safeguards, that the breach caused actual damages, and that a causal connection exists between the company’s negligence and the plaintiff’s losses. Some lawsuits are dismissed on technical grounds even when breaches occur. Individuals interested in pursuing legal action should monitor for official settlement notices or class action filings, which are typically advertised in legal publications and announced by law firms handling the cases. Strauss Borrelli PLLC’s investigation, announced on January 6, 2026, is one avenue through which affected parties may eventually receive compensation.
How Does This Breach Reflect Broader Healthcare Cybersecurity Challenges?
The Standards Home Health breach is part of a wider pattern of healthcare data breaches affecting providers nationwide. The healthcare sector is a frequent target for cyberattacks because health records contain valuable information that criminals can monetize through identity theft, insurance fraud, and medical record theft. Healthcare organizations of all sizes—from small home health agencies to large hospital systems—struggle with balancing patient care priorities against cybersecurity investments.
In-home healthcare providers like Standards Home Health may face particular challenges because they operate distributed care networks with multiple patient locations and employees working in the field, which can complicate data security enforcement. The January 2026 breach timeline shows that even companies serving thousands of patients across multiple service lines can suffer significant security failures. The fact that this breach was discovered and reported within days suggests either that the company has breach detection systems in place or that the breach was discovered by external notification, which underscores the importance of strong threat monitoring and incident response protocols.
What Should Patients Know About Settlement Compensation?
Patients affected by healthcare data breaches often question whether they’ll actually receive compensation through settlements. Historical healthcare data breach settlements have varied widely in value. Some settlements provide each class member with modest compensation ($50-$500 per person), while others offer primarily non-cash benefits like free credit monitoring services for several years.
The settlement amount typically depends on the severity of the breach, the company’s financial capacity to pay, and the strength of evidence showing negligence. As the investigation by Strauss Borrelli PLLC develops, more information about the potential settlement value and timeline will likely emerge. Affected individuals should keep records of any expenses they incur related to the breach, including fees for identity theft protection services, credit freeze costs, and time spent addressing identity theft incidents. These documented expenses can support claims for compensation if a lawsuit or settlement is pursued.