Law Firms Circle Doctor Alliance After Data Breach May Have Exposed 1.2M Records

On Nov. 7, “a cybercriminal named ‘Kazu’ reportedly posted 533 images of patient files” containing sensitive information, said Schubert Jonckheer, which is investigating the breach of the Texas-based firm on behalf of the potential victims. “The cybercriminal claims to have 353 gigabytes of data consisting of over 1.2 million files.”

The files included information such as Medicare numbers, medical record numbers, patients' primary and secondary diagnoses, treatment plans, medications and dosages, and provider information, among other data, the law firm said.

Barnow and Associates is also investigating the breach. In a Tuesday press release, the law firm said Kazu was “demanding a $200,000 ransom by" Nov. 21 and “threatening to release or sell the dataset” if not paid.

A class-action lawsuit (docket 3:25-cv-03079) was also filed Tuesday in the U.S. District Court for Northern Texas against Doctor Alliance for failure to "take precautions designed to keep individuals’ Private Information secure.”

The company provides billing services to AccentCare, Intrepid, and other healthcare providers, the law firms said.

In an email to Privacy Daily, Doctor Alliance said the breach was "unauthorized access involving a single client account," and the "issue was contained immediately, impacted systems were secured, and the vulnerability was corrected the same day."

"We are currently working with independent security experts to complete a thorough analysis of the incident" but "at this stage, we have not verified the claims or numbers circulating online," a spokesperson told us. "Doctor Alliance is in the process of notifying affected partners and initiating the required regulatory processes."