Disability Help Group

Disability Help Group, based in Florida, United States, provides advocacy services for individuals seeking disability benefits, assisting clients in navigating complex application processes for government programs such as Social Security Disability Insurance and Supplemental Security Income. Their core function involves compiling, submitting, and managing extensive documentation on behalf of claimants, which inherently requires the collection and handling of highly sensitive personally identifiable information, detailed medical histories, occupational records, and eligibility assessments. This work positions them as a specialized intermediary between individuals with disabilities and benefit-determining agencies, relying on deep expertise in regulatory requirements and procedural navigation to support claims. The organization serves a vulnerable population seeking financial and medical support, and its operations depend on maintaining the confidentiality and integrity of the intimate personal data entrusted to it by clients. By managing such comprehensive records, Disability Help Group occupies a distinct niche within the advocacy sector, where competency is measured by both successful claim outcomes and the secure management of sensitive information. The nature of their services underscores a critical reliance on digital systems to store and process data that, if compromised, could have severe repercussions for the individuals they serve.

In June 2022, Disability Help Group experienced a ransomware attack that encrypted its files and led to the exfiltration of sensitive client data. The attackers, a ransomware group, subsequently published a subset of the stolen records on a dedicated leak site in a "proof pack," exposing extensive personally identifiable information including detailed medical histories, occupational records, and eligibility assessments from hundreds of cases. The breach demonstrated the significant volume and sensitivity of the data the organization holds, with the ransomware group indicating they retained additional unreleased information. Following the incident, Disability Help Group did not respond to inquiries about the breach and did not confirm whether affected clients were notified, raising substantial concerns about its incident response protocols and communication with impacted individuals. This event highlights the acute cybersecurity risks faced by organizations that handle large quantities of personal health information, particularly those operating in advocacy roles without apparent robust defensive measures. The public leakage of client data and the organization's silence thereafter point to a potentially severe erosion of trust and a failure in duty of care toward the vulnerable population it serves. The full scope of harm resulting from the exposure of such detailed records remains unclear due to the lack of transparency from Disability Help Group.