Cluster · 4 affected providers
Kazu
Data posted
Doctor Alliance Vendor Breach — Home-Health Cluster
Unauthorized access to the Doctor Alliance physician-certification web portal between October 31 and November 17, 2025. Threat actor "Kazu" exfiltrated ~1.24M files / 353 GB and demanded $200K ransom. Doctor Alliance notified downstream covered entities in January 2026; affected home-health agencies filed their own HHS OCR reports.
Affected
28,230
Providers
4
Window
January–March 2026 (downstream filings)
Threat actor
Kazu
Scope
Home health and hospice agencies whose patient records were processed through the Doctor Alliance portal for physician-certification workflows.