Cyber Incident Victim: American Medical Association

Date: Apr 2020

Location: United States of America

Summary

A cybercriminal sold personal data of 1.41 million US doctors stolen from an online healthcare professional directory service. The compromised information included full names, genders, hospital affiliations, practice addresses, phone numbers, and medical license numbers, though email addresses and medical records were not exposed. The breach created significant risks for healthcare workers during the pandemic, enabling potential smishing attacks, disinformation campaigns, and targeted phishing operations using readily available contact details. Security experts warned that the highly specific nature of the stolen data could facilitate ransomware attacks or misinformation targeting medical professionals amid critical COVID-19 response efforts.

Description

On April 11, 2020, cybercriminals compromised the database of qa.findadoctor.com, an online healthcare professional directory operated by Edison, New Jersey-based Millennium Technology Solutions. The attackers exfiltrated personal and professional details of 1.41 million U.S. doctors, subsequently offering the dataset for sale on a hacker forum. The stolen records contained full names, genders, hospital affiliations, practice locations, mailing addresses, phone numbers, license numbers, and country information. Patient medical records and registration photos were not included in the breach. The service's website allowed both doctors and patients to register accounts, though the compromised data appeared limited to physician profiles. Security researchers confirmed the absence of email addresses in the stolen dataset, though analysts noted this information could be easily cross-referenced using the exposed details.

The breach occurred during heightened cybercriminal activity exploiting the COVID-19 pandemic, with threat actors targeting healthcare systems under strain. Security firm Under the Breach warned the dataset's specificity to medical professionals created risks for SMS-based disinformation campaigns or targeted attacks against critical personnel. Cybersecurity professionals on Twitter debated the dataset's value, with some noting its potential use in phishing operations or as reconnaissance for ransomware attacks like Ryuk, which had previously compromised law enforcement evidence systems. The database remained actively marketed on hacker forums alongside other illicit datasets at the time of reporting. Millennium Technology Solutions had not publicly acknowledged the breach in available source material, and no containment measures or victim notifications were documented.
