On Wednesday, the RansomHub ransomware group added a listing for DoctorsToYou in New York to their leak site. Their listing included several screencaps that revealed personally identifiable information (PII) and protected health information (PHI). Some of the files specifically showed their name or letterhead. The listing did not indicate how many GB of data RansomHub may have exfiltrated.
After checking DoctorsToYou’s website and realizing it was a non-profit organization serving often-underserved populations, DataBreaches reviewed RansomHub’s site to see if it said anything about avoiding hitting the medical sector.
It did, so yesterday morning, DataBreaches messaged RansomHub on Tox:
Your “about” page says, “We do not allow non-profit hospitals and some non-profit organizations be targeted.”
Why did you hit the non-profit “DoctorsToYou.com?” They focus on helping the elderly, veterans, and disabled people in their homes. They don’t even accept insurance or anything. They ask people to make pledges to donate to help the non-profit help other people in need of care.
Did you really encrypt them and demand an extortion payment?
Jeez…. have a heart.
Dissent from DataBreaches.net
Although their account appeared to be online, they did not respond directly. Yet less than an hour later, the listing on their site was removed.
A few hours later, DataBreaches messaged RansomHub again:
How about doing the right thing and giving these folks the decryptor?
This morning, RansomHub responded with a one-word reply:
will
DataBreaches hopes RansomHub does follow through on that. DataBreaches thanked them for their response and wants to publicly acknowledge their response.
But Ransomware Wasn’t DoctorsToYou’s Only Problem
When DataBreaches mentioned the attack on DoctorsToYou yesterday morning on infosec.exchange, the researcher known as @Chum1ng0 reached out on Telegram to say that he had been trying since August to get DoctorsToYou to secure a data leak that was exposing about 13,000 patient files. Chum1ng0 provided DataBreaches with copies of his responsible disclosure emails that had gone unanswered.
So yesterday, DataBreaches emailed DoctorsToYou a few times to update them about RansomHub’s actions and to reinforce Chum1ng0’s attempt to get them to secure their unsecured patient data in the unrelated leak.
No replies have been received as of publication and the exposed patient data remains exposed.
About DoctorsToYou
DoctorsToYou is a concierge service somewhat unlike other services. DoctorsToYou, founded by Dr. Ernest Brown, is based in the D.C. metropolitan area and provides urgent care, preventive care, and long-term care to the elderly, veterans, and disabled patients in their homes. DoctorsToYou does not accept insurance, and they seem to have a pay-it-forward approach to being paid. From their website FAQ:
How much do your services cost?
All proceeds for the care we provide go directly to support the mission for Humans for Healthcare (www.h4-h.org), a 501c3 charitable organization dedicated to providing house calls to the elderly, veterans and disabled here in Washington, DC. When you submit a request, we determine what service we can provide and once all services have been rendered you will receive a pledge based on those services.
Now that is impressive. DataBreaches hopes they pay attention to the emails and lock down their patient data and storage.