Call-On-Doc: Call-On-Doc allegedly had a breach affecting more than 1 million patients. They’ve yet to comment. – DataBreaches.Net

Call-On-Doc Faces Alleged Data Breach with Unconfirmed Patient Exposure

A threat actor claims to have breached Call-On-Doc, a telehealth provider, in early December, accessing what appears to be sensitive patient data. According to private communications with DataBreaches, the attacker found no evidence of encryption during the intrusion and alleged the company failed to detect the breach while it was active.

The threat actor contacted Call-On-Doc on December 25, presenting proof of the breach and attempting to negotiate a payment to prevent data leaks or sales. However, after initial contact via an unofficial email, the company reportedly ceased communication.

As of publication, Call-On-Doc has not confirmed the breach or issued any public notifications to affected patients, regulators, or state attorneys general. Under HIPAA, covered entities must report breaches within 60 days of discovery, while 19 states require notification within 30 days. The lack of response raises concerns about compliance, particularly given the potential involvement of patients across multiple states, which could prompt a multi-state regulatory investigation.

DataBreaches reviewed a sample of 1,000 records from the alleged dataset, verifying that most patients still reside at the listed addresses, while others had lived there recently. The threat actor is also accepting escrow payments for the data a common tactic in legitimate cybercriminal sales further suggesting the breach may be real.

No official confirmation has been provided by Call-On-Doc, leaving the full scope and impact of the incident unclear. Regulatory scrutiny is likely if the data is authenticated.

Source: https://databreaches.net/2026/01/24/call-on-doc-allegedly-had-a-breach-affecting-more-than-1-million-patients-theyve-yet-to-comment/

Call-On-Doc cybersecurity rating report: https://www.rankiteo.com/company/callondoc

"id": "CAL1769264853",
"linkid": "callondoc",
"type": "Breach",
"date": "12/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': 'Potentially thousands (1,000 '
                                              'records verified in sample)',
                        'industry': 'Healthcare',
                        'name': 'Call-On-Doc',
                        'type': 'Telehealth Provider'}],
 'customer_advisories': 'None issued as of publication',
 'data_breach': {'data_encryption': 'None (according to threat actor)',
                 'data_exfiltration': 'Alleged (threat actor claims data was '
                                      'accessed)',
                 'number_of_records_exposed': 'At least 1,000 (sample '
                                              'verified)',
                 'personally_identifiable_information': 'Yes (patient records)',
                 'sensitivity_of_data': 'High (personally identifiable and '
                                        'health-related information)',
                 'type_of_data_compromised': 'Patient data'},
 'description': 'A threat actor claims to have breached Call-On-Doc, a '
                'telehealth provider, accessing sensitive patient data. The '
                'attacker found no evidence of encryption and alleged the '
                'company failed to detect the breach while active. The threat '
                'actor contacted Call-On-Doc on December 25 to negotiate a '
                'payment to prevent data leaks or sales but received no '
                'further response. The breach remains unconfirmed by '
                'Call-On-Doc, raising compliance concerns under HIPAA and '
                'state regulations.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
                                       'unconfirmed breach and lack of '
                                       'response',
            'data_compromised': 'Sensitive patient data',
            'identity_theft_risk': 'High (patient data exposed)',
            'legal_liabilities': 'Potential HIPAA violations and state '
                                 'regulatory fines'},
 'initial_access_broker': {'data_sold_on_dark_web': 'Potential (threat actor '
                                                    'accepting escrow '
                                                    'payments)'},
 'investigation_status': 'Unconfirmed (alleged by threat actor, no official '
                         'response from Call-On-Doc)',
 'motivation': 'Extortion (payment to prevent data leaks/sales)',
 'ransomware': {'data_encryption': 'No (data was accessed but not encrypted by '
                                   'ransomware)',
                'data_exfiltration': 'Alleged'},
 'references': [{'source': 'DataBreaches'}],
 'regulatory_compliance': {'legal_actions': 'Potential multi-state regulatory '
                                            'investigation',
                           'regulations_violated': ['HIPAA',
                                                    'State breach notification '
                                                    'laws (19 states with '
                                                    '30-day requirements)'],
                           'regulatory_notifications': 'None issued as of '
                                                       'publication'},
 'response': {'communication_strategy': 'No public notifications issued as of '
                                        'publication'},
 'threat_actor': 'Unknown threat actor',
 'title': 'Call-On-Doc Alleged Data Breach with Unconfirmed Patient Exposure',
 'type': 'Data Breach'}