Cyber Incident Victim: All About Potential Family Chiropractic

On or around February 5, 2020, the Maze ransomware group publicly claimed responsibility for a cyberattack targeting All About Potential Family Chiropractic, PC, a South Dakota-based practice operated by Drs. Scott and Dawn Hourigan. The attackers exfiltrated and subsequently dumped sample data from the chiropractic office's servers as part of their established pattern of naming victims and releasing stolen information. Analysis of the leaked data by cybersecurity observers revealed a diverse collection of compromised files, including employment records, dietary documents, and protected health information (PHI) belonging to patients. The exposed PHI contained sensitive details such as patients' full names, dates of service, medical diagnoses, treatment types, and explanation of benefits (EOB) statements. Maze inaccurately listed this victim as "RamTek" on their leak site despite the clear identification of the actual chiropractic practice in the stolen records.

The incident exposed significant volumes of sensitive patient data with no immediate public clarification from Maze regarding the total number of affected individuals or files. The compromised health information created risks of medical identity theft, insurance fraud, and privacy violations for patients. At the time of public reporting, All About Potential Family Chiropractic had not posted any breach notifications on their website or responded to media inquiries from DataBreaches.net, which had submitted detailed questions about the attack earlier on February 5. The absence of confirmed containment measures, detection methods, or remediation steps by the practice left the full scope of operational disruption and long-term consequences undocumented in available sources. Maze's data dump demonstrated their capability to access and extract heterogeneous organizational data, emphasizing the vulnerability of small healthcare entities to coordinated ransomware operations.