Cyber Incident Victim: Med-Care Infusion Services, Inc.
Date: Oct 2020
Location: United States of America
Summary
Med-Care Infusion Services experienced a ransomware attack in which DoppelPaymer threat actors exfiltrated data and listed the organization on their dedicated leak site. The attackers provided two non-sensitive documents as proof of access, though no personally identifiable or protected health information was confirmed in the posted materials. The specialty pharmacy did not respond to multiple inquiries and had not issued any public notifications or warnings regarding the breach at the time of reporting.
Description
On October 16, 2020, Med-Care Infusion Services, Inc., a Florida-based specialty pharmacy, was listed on the dedicated leak site operated by the DoppelPaymer ransomware threat actor group. The attackers posted two documents as proof of their unauthorized access to Med-Care's systems. Neither document contained personally identifiable information (PII) or protected health information (PHI), leaving the full scope of potentially compromised data unclear. DataBreaches.net contacted Med-Care via email on October 16 and again on October 21 to inquire about the incident but received no response. The organization did not publish any public statements, breach notifications, or warnings on its website regarding the security event. No corresponding entry for Med-Care appeared on the U.S. Department of Health and Human Services (HHS) public breach reporting tool as of the article's publication date in November 2020.

The absence of disclosed evidence showing PHI exfiltration created uncertainty about whether the incident triggered HIPAA breach reporting obligations. DoppelPaymer's standard operational model involved data exfiltration prior to encryption, followed by ransom demands and threats to publish stolen data. Med-Care's lack of public communication prevented confirmation of whether patient data was accessed, whether systems were encrypted, or if operational disruptions occurred. The incident exemplified broader patterns observed across 30 analyzed healthcare ransomware cases in 2020, where only 11 entities had provided notifications despite threat actors publicly dumping data. No subsequent information emerged regarding patient impact, forensic findings, remediation efforts, or regulatory actions related specifically to Med-Care's case through the documented timeframe.
