Mobile medical service DocGo confirms it suffered a major cyberattack

Red padlock open on electric circuits network dark red background
(Image credit: Shutterstock/Chor muang)

On-demand medical transportation and telemedicine company DocGo has said it recently suffered a cyberattack which resulted in the theft of some sensitive, health-related data.

In an 8-K form filed with the Securities and Exchange Commission (SEC), the company said it recently identified a cybersecurity incident “involving certain parts of the company’s systems.” 

As soon as it spotted the attack, the company did the usual: launched an investigation, brought in external cybersecurity experts for analysis and forensics, and notified relevant authorities. Whether or not it was forced to shut down its systems, and thus disrupt its day-to-day operations, is unknown at this time. 

Ongoing investigation

The subsequent investigation determined that the attackers did access, and exfiltrate, some information from the company’s IT infrastructure, “including certain protected health information from a limited number of healthcare records within the company’s U.S.-based ambulance transportation business.” 

So far, we don’t know exactly what kind of health information was taken, or how many people are affected. DocGo did say that it started notifying the victims. 

Since the investigation is still ongoing, results may vary, but so far there is no evidence of other business units being affected by the breach, no evidence of the attackers still lingering on the network, no evidence of the stolen data being abused in the wild, and no evidence of the incident having a material impact on the company. 

Since hacking groups are yet to take responsibility for this attack, we don’t know if this was a ransomware incident, or a simple data smash-and-grab. In recent times, ransomware operators have started abandoning the encryption part of the attack, and started focusing solely on data exfiltration. Apparently, developing, maintaining, and deploying an encryptor is too expensive and too cumbersome. Demanding money in exchange for the data seems lucrative enough. 

Via BleepingComputer

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.