zHealthEHR (zHealth), a cloud-based electronic health record (EHR) and practice management platform built for chiropractors and wellness providers, has allegedly been compromised. An unidentified threat actor claims to have exfiltrated a massive database from the San Francisco-based company, which serves thousands of clinics across the United States.
The actor listed the data on January 26, 2026, demanding a $500,000 ransom to prevent the information from being sold to third parties. The breach reportedly involves 15 GB of data, totaling over 1.2 million records. The organization has been given a deadline of February 17, 2026, to meet the extortion demands.
According to the actor, the allegedly compromised data includes:
-
Full names
-
Email addresses
-
Phone numbers
-
Patient intake information
-
Clinical documentation (customizable SOAP notes)
-
Appointment scheduling and automated reminders
-
Billing and payment records
-
Demographic information
