Tech Firm Targeted as New Cyber Gang Expands Operations


Cybercrime Gang Kazu Demands $200K Ransom, Leaking 1.2 Million Patient Records

Texas-based Doctor Alliance investigates claims by the Kazu cybercrime gang, which alleges it stole 1.2 million records. (Image: Doctor Alliance)

The recently emerged Kazu cybercrime group is threatening to leak 353 gigabytes of data from Doctor Alliance, a Texas-based company specializing in document and billing management technology for healthcare providers. This incident marks Kazu’s inaugural attack in North America.

In a statement to Information Security Media Group, Doctor Alliance confirmed its collaboration with independent security experts to probe Kazu’s allegations of having exfiltrated 1.2 million client records. The gang is demanding a ransom of $200,000 to prevent the release of the stolen data on dark web platforms.

The disclosed data reportedly includes sensitive patient information such as names, birth dates, addresses, phone numbers, email addresses, Medicare numbers, medical record numbers, diagnoses, treatment plans, medications, and provider details, as indicated by one of three federal class-action lawsuits filed due to the breach.

In addition to the ongoing lawsuits seeking financial redress and alleging negligence, several law firms have publicly announced their investigations into the Doctor Alliance breach for potential class-action litigation.

Doctor Alliance’s statement says that the unauthorized access involved a specific client account and has since been contained, and that the company secured the impacted systems and rectified the vulnerability within the same day. However, the company has not verified the claims reported online.

Cybersecurity experts have noted that Kazu’s operations seem to be focused on stealing sensitive information for extortion rather than on the ransomware encryption typically associated with many cybercrime operations. John Dwyer, Deputy CTO at Binary Defense, commented that Kazu’s emergence reflects a targeted interest in web applications and services, suggesting potential exploitation of weaknesses in internet-facing systems.

This incident aligns with tactics recognized in the MITRE ATT&CK framework, including initial access likely through direct exploitation of web application vulnerabilities. The targeting of healthcare data adds another layer of complexity to the ongoing issue of data breaches in this sector.

As the situation with Doctor Alliance unfolds, it highlights the critical need for professionals in the tech and business sectors to reassess their cybersecurity strategies, particularly with regard to securing web-facing applications. Implementing robust security measures, including multi-factor authentication, will become essential as cybercriminals like Kazu continue to expand their reach.
