Little Red Door Cancer Services of East Central Indiana

Little Red Door Cancer Services of East Central Indiana functions as a nonprofit organization providing support services to individuals impacted by cancer within its designated region of East Central Indiana. The agency handles highly sensitive personal information, including client diagnostic data and employee Social Security numbers, as evidenced by the specific records targeted in a 2017 security incident. Its operational scope is community-focused, serving a defined geographic area rather than a national or international clientele. The nature of its work places it within the healthcare support sector, where the confidentiality and secure handling of patient health information constitute a fundamental operational requirement. While its core mission likely involves counseling, resource navigation, and financial assistance for cancer patients, the available public record does not detail specific programs, funding mechanisms, or organizational size. No information is available concerning its ownership structure, parent organizations, or subsidiary relationships. The agency's identity is further established through its recognized aliases, including Little Red Door Cancer Services and LRD Cancer Services of East Central Indiana, though its official operations are anchored in its full legal name and regional service territory.

In January 2017, the organization was the target of a cyberattack attributed to the criminal collective TheDarkOverlord. The incident involved the unauthorized exfiltration of data and the deliberate wiping of servers, though the agency's backup systems remained intact and operational. The attackers' objective was extortion, demanding payment to prevent the public release of stolen information, which they claimed contained staff Social Security numbers and confidential client health details. The agency publicly refused to pay the ransom, even after the attackers reduced their demands, and subsequently involved the Federal Bureau of Investigation in its response. This course of action contrasted with some initial public assertions by the agency regarding the exposure of data on the dark web, a claim the attackers denied at the time, stating they had not yet released any information. The event highlights the organization's vulnerability to sophisticated cyber threats that specifically target healthcare-adjacent entities for the value of their personal health information. The decision to pursue law enforcement rather than negotiate with extortionists represents a documented response strategy, though no public record details subsequent operational changes, long-term impacts, or regulatory penalties stemming from the breach. The incident remains a notable point in the organization's history, illustrating the critical importance of data security in nonprofit healthcare support services.