DRH Health data breach exposes sensitive medical information of 724 patients

Key facts: DRH Health data breach

• Date occurred: October 31, 2025
• Date reported: April 30, 2026
• Target entity: DRH Health
• Source of breach: Unknown, unauthorized third-party
• Data types: Names, addresses, dates of birth, dates of service, health insurance information, medical diagnosis and treatment information, prescription information
• Status: Confirmed; reported on April 30, 2026.
• Severity: Medium; the exposure of protected health information (PHI) for hundreds of patients increases the risk of medical identity theft and targeted fraud.

What happened in the DRH Health data breach?

DRH Health (duncanregional.com), a healthcare provider based in Oklahoma, reported a data breach on April 30, 2026. The incident originated at its third-party vendor, Doctor Alliance, a healthcare technology firm. The breach primarily impacted patients associated with Duncan Regional Home Care and Chisholm Trail Hospice. No specific threat actor has been identified as being responsible for the attack.

According to the investigation, unauthorized actors utilized compromised credentials and automated scripts to intermittently access the Doctor Alliance web portal between October 31 and November 17, 2025. DRH Health confirmed that 724 patients were affected, with exposed data including names, addresses, dates of birth, and sensitive medical information such as diagnoses and prescriptions. This incident is classified as medium severity due to the sensitive nature of the health insurance and treatment details involved. Such exposures typically heighten the risk of medical identity theft and sophisticated phishing attempts.

Who is behind the incident?

The attacker or cause of the incident has not been identified.

Impact and risks for DRH Health customers

The exposure of sensitive medical data, including diagnoses and prescription information, poses a significant risk of medical identity theft for the 724 affected patients. Unauthorized individuals could potentially use this information to obtain medical services or medications under a victim's name or file fraudulent insurance claims. Additionally, the presence of names and physical addresses makes these individuals prime targets for targeted phishing campaigns designed to solicit further financial information.

Healthcare organizations often face regulatory scrutiny and a loss of patient trust following such leaks. Affected individuals should carefully review their medical billing statements and insurance 'Explanation of Benefits' for any unrecognized activity. Taking proactive steps, such as monitoring credit reports and being wary of unsolicited communications, can help mitigate these risks. Transparency regarding the breach timeline is a necessary step in the recovery process.

How to protect against similar security incidents

Following the data breach at DRH Health involving Doctor Alliance, patients and healthcare partners should take immediate steps to secure their personal and medical information.

• Monitor medical and insurance statements. Carefully review all Explanation of Benefits (EOB) forms and medical bills for services or prescriptions you did not receive. Contact your insurance provider or DRH Health immediately if you identify any discrepancies or unauthorized claims.
• Enable phishing-resistant multi-factor authentication. Secure all healthcare and insurance portal accounts with multi-factor authentication (MFA) to prevent unauthorized access via compromised credentials. Be highly skeptical of emails or phone calls requesting personal details, as attackers may use your medical history to appear legitimate.
• Implement continuous third-party monitoring. For healthcare organizations, deploy attack surface management tools to monitor the security posture of third-party vendors like Doctor Alliance. Ensure all vendors adhere to strict credential management policies and have protections in place against automated script-based attacks.

Vigilance and proactive monitoring are the most effective ways to protect against the long-term consequences of a healthcare-related data breach.

Frequently asked questions

What happened in the DRH Health security breach?

On April 30, 2026, DRH Health (duncanregional.com) disclosed a security breach. According to initial reports, the incident involved unauthorized access to the web portal of a third-party vendor, Doctor Alliance, which impacted 724 patients of Duncan Regional Home Care and Chisholm Trail Hospice.

When did the DRH Health breach occur?

The DRH Health breach was publicly reported on April 30, 2026. The exact date of the unauthorized access was identified as occurring intermittently between October 31 and November 17, 2025.

What data was exposed?

The types of data involved in the DRH Health incident include names, addresses, dates of birth, dates of service, health insurance information, medical diagnosis and treatment information, and prescription information.

Is my personal information at risk?

If you interacted with DRH Health or its hospice and home care services, there's a possibility your personal information could be affected. Similar incidents often involve email addresses, login details, or financial records. Stay alert for updates and take precautionary measures to secure your accounts.

What steps should companies take after being breached?

DRH Health has investigated the scope of the breach and identified the affected individuals. The organization is expected to review its third-party security protocols, provide guidance to those impacted, and may deploy enhanced attack surface management to prevent future credential-based incidents.

‍

This cybersecurity news article is powered by UpGuard Breach Risk — continuous attack surface monitoring for your organisation and supply chain.