On November 7, 2025, Doctor Alliance, a Dallas-based healthcare technology provider, suffered a ransomware attack by a hacker known as 'Kazu.' The attacker infiltrated the company’s systems, exfiltrating over **1.2 million files (353 GB)**, including **personally identifiable information (PII)** such as names, addresses, Social Security numbers, dates of birth, and **protected health information (PHI)** like medical records, treatment details, and health insurance data. The breach poses severe risks of **identity theft, medical fraud, and privacy violations** for affected individuals nationwide, given Doctor Alliance’s integration with **electronic health record (EHR) systems** and its role in processing high volumes of clinical and administrative data. The hacker demanded a ransom, threatening to release the stolen data. As of reporting, Doctor Alliance has not issued a public statement, leaving patients and partners uncertain about mitigation steps. The incident underscores critical vulnerabilities in healthcare data security, with potential long-term reputational, financial, and operational consequences for the company and its stakeholders.
Source: https://www.claimdepot.com/data-breach/doctor-alliance-2025
Doctor Alliance cybersecurity rating report: https://www.rankiteo.com/company/doctor-alliance
{
  "id": "DOC0894308111825",
  "linkid": "doctor-alliance",
  "type": "Ransomware",
  "date": "11/2025",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization’s existence"
}
{'affected_entities': [{'customers_affected': 'Potentially nationwide '
                                              '(high-volume '
                                              'clinical/administrative data '
                                              'processor)',
                        'industry': 'Healthcare',
                        'location': 'Dallas, Texas, USA',
                        'name': 'Doctor Alliance',
                        'type': 'Healthcare Technology Provider'}],
 'customer_advisories': ['Monitor credit reports and medical bills',
                         'Contact healthcare providers regarding records',
                         'Avoid sharing sensitive info in unsolicited '
                         'communications',
                         'Consider fraud alerts/credit freezes'],
 'data_breach': {'data_exfiltration': 'Confirmed (claimed by threat actor)',
                 'number_of_records_exposed': '1.2 million+ files (353 GB)',
                 'personally_identifiable_information': ['Names',
                                                         'Addresses',
                                                         'Phone numbers',
                                                         'Social Security '
                                                         'numbers',
                                                         'Dates of birth',
                                                         'Medical/treatment '
                                                         'information',
                                                         'Health insurance '
                                                         'information'],
                 'sensitivity_of_data': 'High (includes SSNs, medical records, '
                                        'insurance info)',
                 'type_of_data_compromised': ['PII', 'PHI']},
 'date_detected': '2025-11-07',
 'description': 'On Nov. 7, 2025, Doctor Alliance, a Dallas-based healthcare '
                'technology provider, was allegedly alerted that an online '
                "hacker, 'Kazu', infiltrated its files and threatened to "
                'release them unless a ransom was paid. The hacking group '
                'claimed to have obtained over 1.2 million files (353 GB of '
                'data), including PII and PHI such as names, addresses, Social '
                'Security numbers, medical records, and health insurance '
                'information. The breach poses risks of identity theft, '
                'medical fraud, and privacy violations for affected '
                'individuals.',
 'impact': {'brand_reputation_impact': 'High (potential loss of trust due to '
                                       'exposure of sensitive health data)',
            'data_compromised': ['PII (names, addresses, phone numbers, SSNs, '
                                 'dates of birth)',
                                 'PHI (medical/treatment info, health '
                                 'insurance info)'],
            'identity_theft_risk': 'High',
            'systems_affected': ['EHR-integrated platform',
                                 'Clinical/Administrative data processing '
                                 'systems']},
 'initial_access_broker': {'data_sold_on_dark_web': 'Threatened (public '
                                                    'release if ransom unpaid)',
                           'high_value_targets': ['EHR-integrated systems',
                                                  'Clinical/administrative '
                                                  'databases']},
 'investigation_status': 'Ongoing (no official updates from Doctor Alliance)',
 'motivation': 'Financial (ransom demand)',
 'ransomware': {'data_exfiltration': 'Yes (double extortion tactic implied)',
                'ransom_demanded': 'Yes (amount unspecified)'},
 'recommendations': ['Implement multi-layered security for EHR-integrated '
                     'systems',
                     'Enhance monitoring for exfiltration of large data '
                     'volumes',
                     'Develop pre-approved public communication templates for '
                     'ransomware events',
                     'Conduct third-party audits of PHI/PII protection '
                     'measures'],
 'references': [{'source': 'Unnamed cybersecurity news outlet (initial '
                           'report)'}],
 'regulatory_compliance': {'regulations_violated': ['Potential HIPAA '
                                                    'violations (PHI '
                                                    'exposure)']},
 'response': {'communication_strategy': ['No public statement issued as of '
                                         'reporting',
                                         'Advisories for affected individuals '
                                         'to:',
                                         '- Monitor credit reports/medical '
                                         'bills',
                                         '- Contact healthcare providers',
                                         '- Beware of phishing/solicitations',
                                         '- Consider fraud alerts/credit '
                                         'freezes']},
 'threat_actor': 'Kazu (hacking group)',
 'title': 'Doctor Alliance Data Breach and Ransomware Attack',
 'type': ['Data Breach', 'Ransomware Attack']}