Two people reviewing legal documents at a table with open books, with brass balance scales displayed prominently in the background.

Legal Update

AdvancedHEALTH

AdvancedHEALTH Data Breach–What You Need to Know & What to Do Next

Overview

AdvancedHEALTH reported a cybersecurity incident after the DragonForce ransomware group claimed responsibility for an attack in mid-May 2026. The incident potentially exposed protected health information and personal data belonging to hundreds of thousands of patients across Tennessee.

AdvancedHEALTH, also known as Advanced Medical Consultants, is Tennessee’s largest independent, multi-specialty physician group. The organization includes over 550 experienced healthcare providers across more than 40 specialties, providing comprehensive medical services throughout Middle Tennessee. The group operates multiple locations across the Nashville metropolitan area and surrounding communities.

AdvancedHEALTH’s specialties include bariatric surgery, breast surgery, cardiovascular thoracic surgery, colorectal surgery, dermatology, endocrinology, ENT & allergy, gastroenterology, obstetrics & gynecology, internal medicine, nephrology, neurology, neurosurgery, orthopaedic surgery, pain management, pediatrics, plastic surgery, podiatry, pulmonary medicine, radiology, rheumatology, sleep medicine, sports medicine, surgical oncology, and vascular surgery.

According to ransomware threat intelligence, DragonForce posted AdvancedHEALTH to its data leak site on May 16, 2026, with an estimated attack date of May 14, 2026. The threat actors claim to have stolen 2.3 million lines of full patient data, along with partner agreements, management files, payroll records, and HR files. The group has threatened to release 1,000 lines of patient data each day until ransom demands are met, and has already published an initial data leak.

DragonForce operates as a ransomware-as-a-service operation, exfiltrating sensitive data and threatening public disclosure to pressure victims. The group has been active in targeting healthcare organizations and has claimed multiple healthcare sector attacks in recent months.

What Information Was Exposed In the AdvancedHEALTH Data Breach?

According to the threat actors’ claims, the compromised data includes 2.3 million lines of full patient data, which could encompass names, addresses, dates of birth, Social Security numbers, medical record numbers, diagnoses, treatment information, prescription records, insurance information, and other protected health information.

The breach also allegedly includes partner agreements, management files, payroll records, and HR files, which could contain employee personal information, business contracts, and financial records.

Given AdvancedHEALTH’s size and scope as Tennessee’s largest independent physician group serving patients across more than 40 specialties, the potential number of affected patients could be substantial.

How AdvancedHEALTH Responded to the Breach?

As of this writing, AdvancedHEALTH has not issued a public statement regarding the alleged ransomware attack. The organization has not confirmed the incident or provided details about its investigation or notification plans.

Healthcare providers that experience breaches involving protected health information are required to notify affected individuals, the U.S. Department of Health and Human Services, and in some cases the media, within specified timeframes under HIPAA. Tennessee also has data breach notification laws that would apply to AdvancedHEALTH.

How to Check If Your Personal Info Is Exposed

If you are a current or former patient of AdvancedHEALTH or any of its affiliated providers across Middle Tennessee, your protected health information and personal data may have been exposed in this breach. This includes patients who have received care at any of AdvancedHEALTH’s locations in Nashville, Gallatin, Lebanon, Hermitage, Mt. Juliet, and other Middle Tennessee communities.

Monitoring your accounts, reviewing credit reports and explanation of benefits statements, and watching for notification letters from AdvancedHEALTH are crucial steps in assessing your potential exposure.

What You Can Do If Your Information Was Exposed

If your medical information may have been part of the AdvancedHEALTH breach, review your financial accounts, credit reports, and medical explanation of benefits forms for any unfamiliar activity. Update account passwords, particularly for patient portals where you may have reused passwords.

Consider placing a fraud alert or credit freeze with the three major credit bureaus (Equifax, Experian, and TransUnion). Be vigilant for signs of medical identity theft, including unexpected medical bills, explanation of benefits statements for services you did not receive, or insurance claims for treatments you did not undergo.

Be cautious of phishing attempts following this breach. Scammers may send emails or texts claiming to be from AdvancedHEALTH or healthcare providers. Verify any communications independently before responding or clicking links. Acting now can limit the long-term consequences and protect your personal, financial, and medical information.

Understanding Your Legal Rights: Data Breach Lawyer Near Me

Victims of data breaches may be entitled to legal remedies if a healthcare provider did not adequately safeguard their protected health information. Healthcare providers have heightened duties under HIPAA and state law to protect the sensitive medical and personal information they collect and maintain.

Almeida Law Group is actively reviewing the AdvancedHEALTH incident to determine what legal options may be available for those affected.

If you are a patient of AdvancedHEALTH and believe your medical information may have been exposed, you can contact Almeida Law Group for a free consultation