-
A recent cybersecurity study revealed a new data collection on the darknet comprising 1.24 million documents allegedly owned by Doctor Alliance.
-
The perpetrator, with a pseudonym Alias “God,” allegedly stole 353GB worth of data during a cyber attack on Doctor Alliance’s digital systems.
-
Doctor Alliance has currently not responded to the discussions of being hacked by a third party.
A cybersecurity research company confirmed that it has located a new data storage on the darknet, which comprised 1.24 million documents. According to the firm, the documents were allegedly stolen from Doctor Alliance’s database after cybercriminals hacked its digital systems.
The data has not yet been exposed; however, the supposed perpetrator, using the pseudonym “Alias God,” is threatening to either sell or post the credentials on November 21 if the organization doesn’t pay a $200,000 ransom.
Threat Actor Reportedly Hacks Doctor Alliance Database
The hacker group released a sample of 200MB to prove it is in possession of the actual stolen files it claims to have. According to the report, the disclosed documents comprised several medical records, full of numerous sensitive customer data. These details include:
- Home addresses
- Names
- Check-up summaries
- Prescriptions
- Hospital orders
- Diagnoses
- Phone number
- Health insurance claim numbers
- Treatment plans
The threat actor has vowed to take down the data if Doctor Alliance pays the ransom. While Alias GOD did not disclose many details of the data breach, the group posted the incident on November 10, 2025.
Currently, no prominent hacker cell has claimed responsibility for the data breach, and Alias GOD just joined the dark web forum only four months ago, in June. This new actor is testing the waters of a dark web ecosystem that is constantly under pressure from global law enforcement, a reality underscored by recent major operations like the FBI’s takedown of prominent dark web platforms connected to a massive data heist.
Potential for Greater Harm
It is worth noting that losing such medical credentials can result in even greater harm to the individuals connected.
One main reason for this is that cybercriminals tend to leverage sensitive information like names and home addresses, amongst others, to commit identity theft by creating fraudulent accounts.
Also, a data access as this would comprise a reportable hack under the conditions of the Health Insurance Portability and Privacy Act (HIPAA).
Most importantly, the real risk here is the possibility of insurance fraud and medical identity theft. In cases like this, threat actors can impersonate people to access prescription drugs. Also, if the stolen credentials contain patient histories, this could result in incidents of blackmail.
To worsen it, unlike credit cards or passwords, biometric and medical data are not recoverable, meaning that once compromised, individuals cannot edit their medical histories.
Researchers from the cybersecurity research company noted that the data leak poses a massive risk of medical scams and identity theft. Criminals can use the affected individual’s name and details to acquire prescription drugs or medical services.
Also, both patients and doctors can become vulnerable to social engineering attacks, the researchers further said.
Doctor Alliance, with its headquarters in Dallas, Texas, is a healthcare tech firm that offers solutions to healthcare companies and physicians in the United States. The company has partnered with leading healthcare companies, such as Interim, AccentCare, Intrepid, Carter, among many others. While this incident highlights the acute vulnerability of the healthcare sector, it’s part of a wider cybercrime wave that is aggressively targeting essential industries, with the building and construction industry now topping the global cyberattack list.
The firm focuses on handling administrative tasks such as curating, signing, and billing for files, and even claims to have facilitated the signing of millions of medical files for over 15 years.
