Ransomware Attack on TopDoctors.com by RansomHub Exposes Data

Incident Date: September 18, 2024

Overview

Victim: TopDoctors.com

Attacker: RansomHub

Location: Barcelona, Spain

First Reported: September 18, 2024

RansomHub Targets TopDoctors.com in Ransomware Attack

TopDoctors.com, a leading online platform connecting patients with top medical specialists, has been targeted by the ransomware group RansomHub. The attackers claim to have accessed 40 GB of sensitive data, including patient information, insurance details, and personal data from TopDoctors' subsidiaries in multiple countries.

About TopDoctors.com

Founded in 2013, TopDoctors.com operates in the healthcare services sector, providing a comprehensive platform for patients to find and book appointments with over 90,000 vetted medical specialists worldwide. The company emphasizes quality in healthcare by ensuring that listed doctors meet stringent criteria regarding their qualifications and patient care practices. TopDoctors.com facilitates more than 2.3 million appointments annually and receives approximately 275 million visits to its website.

Attack Overview

RansomHub claims to have accessed sensitive data from TopDoctors' subsidiaries in Spain, Italy, Mexico, Colombia, Chile, Argentina, the UK, Saudi Arabia, and the U.S. The group has set a ransom deadline for September 22. However, TopDoctors has denied the occurrence of a ransomware attack, stating that the unauthorized access was limited to a test copy of its Latin American database used for development purposes. The company clarified that no critical systems were breached and that the incident affected only 4% of its total database, involving mainly public contact details of affiliated doctors and some patient booking information from Chile and Argentina.

RansomHub's Modus Operandi

RansomHub, a Ransomware-as-a-Service (RaaS) group, emerged in February 2024. Known for its speed and efficiency, the group uses double extortion: it encrypts victims' data and also exfiltrates sensitive information for additional leverage in ransom demands. RansomHub affiliates primarily use phishing campaigns, vulnerability exploitation, and password spraying to gain initial access. The group targets high-value sectors such as healthcare, financial services, and government.

Penetration and Response

TopDoctors has initiated a comprehensive investigation, collaborating with cybersecurity experts at Ackcent for a forensic analysis. Despite finding no significant breaches of their infrastructure, the company has heightened monitoring efforts to detect unauthorized access and prevent future incidents. TopDoctors is also working with authorities in the affected countries to ensure compliance with data protection regulations and has reassured its Chilean and Argentine patients of the platform's security.
