Ransomware Attack on TopDoctors.com by RansomHub Exposes Data
RansomHub Targets TopDoctors.com in Ransomware Attack
TopDoctors.com, a leading online platform connecting patients with top medical specialists, has been targeted by the ransomware group RansomHub. The attackers claim to have accessed 40 GB of sensitive data, including patient information, insurance details, and personal data from TopDoctors' subsidiaries in multiple countries.
About TopDoctors.com
Founded in 2013, TopDoctors.com operates in the healthcare services sector, providing a comprehensive platform for patients to find and book appointments with over 90,000 vetted medical specialists worldwide. The company emphasizes quality in healthcare by ensuring that listed doctors meet stringent criteria regarding their qualifications and patient care practices. TopDoctors.com facilitates more than 2.3 million appointments annually and receives approximately 275 million visits to its website.
Attack Overview
RansomHub claims to have accessed sensitive data from TopDoctors' subsidiaries in Spain, Italy, Mexico, Colombia, Chile, Argentina, the UK, Saudi Arabia, and the U.S. The group has set a ransom deadline for September 22. However, TopDoctors has denied the occurrence of a ransomware attack, stating that the unauthorized access was limited to a test copy of its Latin American database used for development purposes. The company clarified that no critical systems were breached and that the incident affected only 4% of its total database, involving mainly public contact details of affiliated doctors and some patient booking information from Chile and Argentina.
RansomHub's Modus Operandi
RansomHub, a Ransomware-as-a-Service (RaaS) group, emerged in February 2024. Known for its speed and efficiency, the group uses a combination of double extortion—encrypting victims' data and exfiltrating sensitive information for additional leverage in ransom demands. RansomHub affiliates primarily use phishing campaigns, vulnerability exploitation, and password spraying to gain initial access. The group targets high-value sectors such as healthcare, financial services, and government.
Penetration and Response
TopDoctors has initiated a comprehensive investigation, collaborating with cybersecurity experts at Ackcent for a forensic analysis. Despite finding no significant breaches of their infrastructure, the company has heightened monitoring efforts to detect unauthorized access and prevent future incidents. TopDoctors is also working with authorities in the affected countries to ensure compliance with data protection regulations and has reassured its Chilean and Argentine patients of the platform's security.
Sources
See Halcyon in action
Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!