Healthcare firm apparently hit by major cyberattack exposing over a million medical records - how to find out if you're affected

News
By published

Hacker claims to have stolen files from Doctor Alliance

hacker hands at work with interface around
(Image credit: Shutterstock)
  • Threat actor claims to have stolen 1.24 million sensitive health files from Doctor Alliance
  • Leaked data includes prescriptions, diagnoses, insurance details, and personal contact information
  • Breach risks include fraud, extortion, lawsuits, and long-term reputational damage

Doctor Alliance, an American healthcare technology firm, has allegedly suffered a cyberattack which saw it lose more than a million sensitive files.

Security researchers from Cybernews spotted a new post on an underground hacking forum, in which a threat actor said they stole 1.24 million files, totaling 353 gigabytes in size, from Doctor Alliance.

The hacker demanded $200,000 in exchange for deleting the files and uploaded a small 200 MB sample, which the Cybernews team analyzed, finding it contains prescriptions, treatment plans, check-up summaries, hospital orders, people’s names, health insurance claim numbers, home addresses, phone numbers, diagnoses, and doctor names.

Huge potential for abuse

Doctor Alliance is yet to comment on the news. If the stolen archive turns out to be legitimate, it could be a major risk for the company’s customers, since the information can be used in all sorts of social engineering and fraud attacks.

With 1.24 million stolen health files, attackers can commit identity theft, insurance fraud and targeted extortion by threatening to leak sensitive medical details. Aggregated data enables doxxing (publicly revealing someone’s private personal information online without consent), harassment and blackmail of high-value victims.

Attackers can file false claims, obtain prescriptions or controlled substances, and exploit medical histories to craft convincing social-engineering or phishing campaigns.

Sometimes, hackers will combine leaked data with those of previous leaks, creating detailed victim profiles, which can help them take over other accounts through credential stuffing and brute-forcing. Finally, nation-state or criminal groups can use the files for long-term surveillance, targeted scams, or discriminatory misuse.

On top of all of this, Doctor Alliance could face class-action lawsuits and regulatory fines. All things combined, major leaks such as this one hurt bottom lines, erode brand image, and lose customers.

Doctor Alliance specializes in document management and billing optimization solutions for physicians and home‑care agencies. Its headquarters is in Dallas, Texas.

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.