[KAZU] – Ransomware Victim: Doctor Alliance – Streamlined Document and Billing Management for Healthcare Providers
NOTE: No files or stolen information are exfiltrated, downloaded, taken, hosted, seen, reposted, or disclosed by RedPacket Security. Any legal issues relating to the content should be directed at the attackers, not RedPacket Security. This blog is an editorial notice informing that a company has fallen victim to a ransomware attack. RedPacket Security is not affiliated with any ransomware threat actors or groups and will not host infringing content. The information on this page is automated and redacted whilst being scraped directly from the KAZU Onion Dark Web Tor Blog page.
AI Generated Summary of the Ransomware Leak Page
On 2025-11-06 18:12:00, a ransomware leak page identifies Doctor Alliance – Streamlined Document and Billing Management for Healthcare Providers as a victim. Doctor Alliance is described as a U.S.-based healthcare technology platform that helps physicians and medical agencies manage documents, referrals, and billing within a single secure online system. The page reiterates the platform’s services—electronic document signing, coordination with agencies, and billing support for programs such as CPO, CCM, and TCM—and notes an integration with Axxess Home Health to streamline workflows and reduce paperwork. The post claims attackers exfiltrated 353 GB of data across about 1,240,640 files from Doctor Alliance’s network and demand a ransom of $200,000, with a deadline set for 2025-11-21 18:12:00. A claim URL is shown on the leak page, and a samples archive is provided to illustrate the compromised data. The page displays two image assets, including branding associated with the victim, and one other branding asset from another organization. The post date serves as the publication date since no separate compromise date is provided. (Defanged domain reference: doctoralliance[.]com)
The description on the leak page frames Doctor Alliance as a U.S.-based healthcare technology platform offering consolidated document management, referrals, and billing in a single secure online system. It highlights features such as electronic document signing, agency coordination, and billing support for programs like CPO, CCM, and TCM, and it notes an integration with Axxess Home Health to streamline workflows and reduce paperwork, with the goal of faster document turnaround and improved billing efficiency. The post presents a data-leak scenario rather than a clearly identified encryption event, citing a claimed 353 GB of exfiltrated data across roughly 1.24 million files and a USD 200,000 ransom due by 2025-11-21 18:12:00. A samples archive is referenced to demonstrate the data at stake, and a claim URL is included on the page to facilitate follow-up. The page shows two imagery assets—branding for the victim and branding for another organization—used to illustrate the scope of the incident, without exposing direct image URLs. The absence of a separately stated compromise date means the post date remains the operative timestamp for the event. (Defanged reference: doctoralliance[.]com)
Support Our Work
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on Patreon or Buy Me A Coffee using the buttons below.
