Healthcare Technology Firm Doctor Alliance breached, allegedly exposing 1.2 Million patient records
Learn More
Doctor Alliance, LLC, a Texas-based healthcare technology firm that provides document and billing management services to physician practices and healthcare providers, was hit by a cyberattack and data breach that has exposed sensitive medical information.
The incident occurred in October and November 2025 and was claimed by a cybercriminal operating under the alias "Kazu". The attacker requested a $200,000 ransom and set a deadline of November 21, 2025, to prevent the public release or sale of the stolen data.
The breach was caused by an unpatched legacy vulnerability in Doctor Alliance's systems. According to the cybercriminal's statements to the initial breach was in October 2025. The threat actor then stole the data between November 4-6, 2025, before posting 533 sample images of patient files on a prominent hacking forum on November 7, 2025, along with a ransom demand. The compromised dataset is claimed to be 353 gigabytes of data comprising 1,240,640 files. The exposed sensitive information includes:
- Patient names
- Dates of birth
- Physical addresses
- Phone numbers
- Email addresses
- Medicare numbers
- Medical record numbers
- Primary and secondary diagnoses
- Detailed treatment plans with treatment codes
- Safety measures
- Medications and dosages
- Provider information
- Health insurance claim numbers
- Hospital orders
- Check-up summaries
The number of affected individuals is not disclosed.
Doctor Alliance's initially stated it was "not able to confirm from the information they have that this is a legitimate breach" and requested additional samples to verify the claims, despite 533 images of actual patient files already being publicly posted. In a subsequent statement Doctor Alliance characterized the incident as "unauthorized access involving a single client account" and claimed "the issue was contained immediately, impacted systems were secured and the vulnerability was corrected the same day." The company added that it is "currently working with independent security experts to complete a thorough analysis of the incident" and has "not verified the claims or numbers circulating online."
As of November 15, 2025, Doctor Alliance has not released any official public breach notification on its website or social media channels, nor has the company confirmed whether it has notified affected patients or reported the incident to the U.S. Department of Health and Human Services' Office for Civil Rights, as required under HIPAA breach notification rules.
