HIPAA business associate Doctor Alliance, based in Dallas, TX, is looking into an incident involving a hacker who stole 353 GB of data during a cyberattack in November. On or about November 7, 2025, a hacker with the nickname Kazu posted on an underground hacking forum about the 1.24 million stolen files from Doctor Alliance. The attacker required a $200,000 ransom, payment in exchange for the deletion of the stolen data. If no ransom is paid, the hacker has warned that it will sell the data.
Analysis of the 200 MB sample data added to the listing showed the inclusion of patient names, phone numbers, home addresses, email addresses, Medicare numbers, medical record numbers, diagnoses, treatment data, prescription drugs, and provider details. Based on the leak website, Doctor Alliance needs to pay the ransom by November 21, 2025.
Although the sample data seems to include patient information, there is no confirmation yet that the information originated from Doctor Alliance. The data could have been taken from a prior data breach at a different entity. Doctor Alliance’s press release confirmed that it knows about the claim, has hired cybersecurity specialists to find out if its system had been breached, and is reviewing the data sample to know whether the claim is legitimate. Doctor Alliance has mentioned that an unauthorized individual got access to one client account, but it has taken immediate steps to control the incident. Doctor Alliance remediated the exploited vulnerability immediately upon discovery; however, it did not confirm whether the data was stolen during that breach.
It is uncertain if Kazu is a lone hacker or a hacking group member. The present list on the Kazu data leak site has over 30 victims, including healthcare companies, government entities, and the military. Kazu doesn’t seem to have formerly attacked entities in the U.S. It seems to prefer entities in Asia, the Middle East, and South America. The dark web data leak site consists of victims from Argentina, Bolivia, Costa Rica, Colombia, Iran, Mexico, Mauritania, Nepal, Sri Lanka, Saudi Arabia, Venezuela, and Thailand. Doctor Alliance is presently the only U.S. victim on the list.
Even without the confirmation of data theft, some have already taken legal action. Doctor Alliance is facing several class action lawsuits filed by affected people in the United States District Court for the Northern District of Texas, Dallas Division. Barbara Catabia filed one lawsuit, individually and on behalf of individuals with similar situations. The lawsuit alleges that Plaintiff’s and Class Members’ Private Data are in the possession of cybercriminals who will use the stolen data for criminal activities.
The lawsuit states that Doctor Alliance offers services to healthcare companies like Prima Care, Intrepid, Interim, and AccentCare. Prima Care is also a defendant in the lawsuit. The lawsuit claims negligence, negligence per se, unjust enrichment, breach of implied contract, breach of third-party beneficiary contract, and breach of fiduciary duty. The lawsuit seeks compensatory damages, nominal damages, punitive damages, restitution, declaratory and injunctive relief, class action certification, a jury trial, fair attorneys’ fees and expenses, and other remedial measures considered reasonable by the court.
Image credit: Johnnii, AdobeStock
