Archer Health, Inc. Under Investigation for Data Breach of Patient Records
Schubert Jonckheer & Kolbe LLP is investigating a data breach involving unauthorized access to records held by Archer Health, Inc. (“Archer Health” or “Archer Home Health”), a California-based provider of in-home healthcare services.
Towards the end of August 2025, cybersecurity researcher Jeremiah Fowler discovered databases originating from Archer Health that were not password protected or encrypted. These databases contained extensive patient information, including names, patient identification numbers, Social Security numbers, physical addresses, phone numbers; documents marked as assessments; home health certifications; plan of care documents; discharge forms that contained protected health information (PHI), as well as additional details such as diagnoses, treatments, and other potentially sensitive health-related data; and numerous screenshots from a healthcare management software that showed active dashboards, logging, tracking, and scheduling details with personally identifiable information of patients and providers. Some of the folder names in this database contained the first and last names of patients.
Fowler notified Archer Health on September 4, 2025, and Archer Health reportedly locked the database. On September 7, 2025, the ransomware group KillSec3 added Archer Health to its dark web leak site and claimed responsibility for leaking patient data.
If your personal information was impacted by this incident, you may be at risk of identity theft and other serious violations of your privacy. As a result, you may be entitled to money damages and an injunction requiring changes to Archer Health’s cybersecurity practices.
If you received notification of this data breach or are a patient of Archer Health and wish to obtain additional information about your legal rights, please fill out the form below.
