DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Double trouble: DoctorsToYou has not one, but two data security incidents to address

Posted on October 17, 2024 by Dissent

On Wednesday, the RansomHub ransomware group added a listing for DoctorsToYou in New York to their leak site. Their listing included several screencaps that revealed personally identifiable information (PII) and protected health information (PHI). Some of the files specifically showed their name or letterhead. The listing did not indicate how many GB of data RansomHub may have exfiltrated.

After checking DoctorsToYou’s website and realizing it was a non-profit organization serving often-underserved populations, DataBreaches reviewed RansomHub’s site to see if it said anything about avoiding hitting the medical sector.

It did, so yesterday morning, DataBreaches messaged RansomHub on Tox:

Your “about” page says, “We do not allow non-profit hospitals and some non-profit organizations be targeted.”

Why did you hit the non-profit “DoctorsToYou.com?” They focus on helping the elderly, veterans, and disabled people in their homes. They don’t even accept insurance or anything. They ask people to make pledges to donate to help the non-profit help other people in need of care.

Did you really encrypt them and demand an extortion payment?

Jeez…. have a heart.

Dissent from DataBreaches.net

Although their account appeared to be online, they did not respond directly. Yet less than an hour later, the listing on their site was removed.

A few hours later, DataBreaches messaged RansomHub again:

How about doing the right thing and giving these folks the decryptor?

This morning, RansomHub responded with a one-word reply:

will

DataBreaches hopes RansomHub does follow through on that. DataBreaches thanked them for their response and wants to publicly acknowledge their response.

But Ransomware Wasn’t DoctorsToYou’s Only Problem

When DataBreaches mentioned the attack on DoctorsToYou yesterday morning on infosec.exchange, the researcher known as @Chum1ng0 reached out on Telegram to say that he had been trying since August to get DoctorsToYou to secure a data leak that was exposing about 13,000 patient files. Chum1ng0 provided DataBreaches with copies of his responsible disclosure emails that had gone unanswered.

So yesterday, DataBreaches emailed DoctorsToYou a few times to update them about RansomHub’s actions and to reinforce Chum1ng0’s attempt to get them to secure their unsecured patient data in the unrelated leak.

No replies have been received as of publication and the exposed patient data remains exposed.

About DoctorsToYou

DoctorsToYou is a concierge service somewhat unlike other services. DoctorsToYou, founded by Dr. Ernest Brown, is based in the D.C. metropolitan area and provides urgent care, preventive care,  and long-term care to the elderly, veterans, and disabled patients in their homes. DoctorsToYou does not accept insurance, and they seem to have a pay-it-forward approach to being paid. From their website FAQ:

How much do your services cost?

All proceeds for the care we provide go directly to support the mission for Humans for Healthcare (www.h4-h.org), a 501c3 charitable organization dedicated to providing house calls to the elderly, veterans and disabled here in Washington, DC. When you submit a request, we determine what service we can provide and once all services have been rendered you will receive a pledge based on those services.

Now that is impressive. DataBreaches hopes they pay attention to the emails and lock down their patient data and storage.

Category: Commentaries and AnalysesExposureHealth DataMalwareOf NoteU.S.

Post navigation

← Radiant Capital Halts Lending After $50+ Million Security Breach; Compounded by Ancilia Goof
FBI Arrests Alabama Man in the January 2024 SEC X Hack that Spiked the Value of Bitcoin →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • B.C. health authority faces class-action lawsuit over 2009 data breach (1)
  • Private Industry Notification: Silent Ransom Group Targeting Law Firms
  • Data Breach Lawsuits Against Chord Specialty Dental Partners Consolidated
  • PA: York County alerts residents of potential data breach
  • FTC Finalizes Order with GoDaddy over Data Security Failures
  • Hacker steals $223 million in Cetus Protocol cryptocurrency heist
  • Operation ENDGAME strikes again: the ransomware kill chain broken at its source
  • Mysterious Database of 184 Million Records Exposes Vast Array of Login Credentials
  • Mysterious hacking group Careto was run by the Spanish government, sources say
  • 16 Defendants Federally Charged in Connection with DanaBot Malware Scheme That Infected Computers Worldwide

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • D.C. Federal Court Rules Termination of Democrat PCLOB Members Is Unlawful
  • Meta may continue to train AI with user data, German court says
  • Widow of slain Saudi journalist can’t pursue surveillance claims against Israeli spyware firm
  • Researchers Scrape 2 Billion Discord Messages and Publish Them Online
  • GDPR is cracking: Brussels rewrites its prized privacy law
  • Telegram Gave Authorities Data on More than 20,000 Users
  • Police secretly monitored New Orleans with facial recognition cameras

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.