Class Action U Logo
Start Your Data Breach Claim

Doctor Alliance Data Breach Lawsuit

Doctor Alliance was targeted by a hacker who stole over 5 million patient files in a data breach. While the company has not fully confirmed the extent of the breach, affected individuals can take steps to protect themselves and may be entitled to compensation through a class action lawsuit.

Doctor Alliance
Date of Breach: November 12, 2025
CAU logo

Who was affected:

Clients of Doctor Alliance

Impacted Data:

Patient Personal Information: Names, addresses, dates of birth

Health Data: Signed medical documents, diagnosis, prescriptions, and lab results

Medical Records: Patient IDs, medical record numbers, care and treatment information

Health Insurance Information: Insurance policies, claim numbers, and billing codes

Sign Up Now

Doctor Alliance, a healthcare technology provider, has been hacked twice by the same threat actor, resulting in the exposure of sensitive personal and medical information. The second hack has potentially affected millions of patients, leading to several class action lawsuits. If you were impacted by this breach, you may be entitled to compensation through a class action lawsuit.

Doctor Alliance’s Data Breach Investigation

On November 12, 2025, it was reported that Doctor Alliance was the target of a hacking incident by a threat actor named “Kazu,” who claimed to have stolen 353 GB of data and threatened to sell it unless a $200,000 ransom was paid by November 21, 2025. Kazu exploited an unpatched vulnerability in Doctor Alliance’s systems, which the company failed to secure in time. Despite the initial claims, Doctor Alliance initially did not confirm the breach but later acknowledged unauthorized access involving a single client account.

However, just days after announcing that the vulnerability had been fixed, Kazu reportedly hacked the company again, claiming to have stolen nearly 1.27 terabytes of data, including over 5 million files. This second breach was reportedly carried out by exploiting the same vulnerability, and the ransom demand was raised to $500,000. Kazu claimed that the data stolen included signed and unsigned patient documents, along with other sensitive information.

Doctor Alliance has not confirmed the full extent of the breach but has been facing growing legal action. Four class action lawsuits have already been filed in federal court as of November 2025.

When Did This Breach Occur?

The breach was first reported on November 12, 2025, when Kazu made the initial ransom demand. The second hack took place shortly afterward, during the weekend when Doctor Alliance employees were reportedly not working. Kazu allegedly carried out the attack in just 5-7 hours using all of his servers, with the breach going undetected until Monday.

What Information Was Breached?

The stolen data from the second breach includes:

  • Patient Personal Information: Names, addresses, dates of birth

  • Health Data: Signed medical documents, diagnosis, prescriptions, and lab results

  • Medical Records: Patient IDs, medical record numbers, care and treatment information

  • Health Insurance Information: Insurance policies, claim numbers, and billing codes

With over 5 million files affected, the breach likely involved sensitive protected health information (PHI) and personal information, which could lead to identity theft and medical fraud.

What You Can Do

If your personal or medical information was exposed in this breach, consider taking the following steps to protect yourself:

  1. Activate Credit Monitoring: Sign up for credit monitoring services to detect any misuse of your personal data.

  2. Monitor Your Financial and Medical Accounts: Review your financial and healthcare statements for unauthorized transactions or claims.

  3. Place a Fraud Alert: Contact the credit bureaus to place a fraud alert on your credit report, making it harder for fraudsters to open accounts in your name.

  4. Request a Free Credit Report: Review your credit report annually for any signs of fraud or identity theft.

  5. Report Fraudulent Activity: If you detect any suspicious activity, report it immediately to your financial institution, the Federal Trade Commission (FTC), and your state Attorney General’s office.

These actions will help safeguard your personal information and minimize the risk of identity theft or medical fraud.

File a Data Breach Lawsuit Against Doctor Alliance

If you were notified that your personal information was involved in the Doctor Alliance data breach, you may be entitled to compensation. Data breaches involving sensitive health data can lead to serious consequences, including financial loss, emotional distress, and identity theft. Filing a lawsuit can help hold Doctor Alliance accountable for their failure to secure their systems and compensate those impacted.

To explore your legal options, contact Class Action U today for a free consultation. Our legal partners specialize in data breach lawsuits and can help you determine whether you have a valid claim. Don’t stand alone—join the fight for justice

Subscribe To Our Newsletter

New cases and investigations, settlement deadlines, and news straight to your inbox.

This field is for validation purposes and should be left unchanged.
Other Data Breaches
Doctor Alliance Data Breach
Date of Breach: November 12, 2025
Revere Health Data Breach
Date of Breach: October 2, 2025
Innovative Physical Therapy Data Breach
Date of Breach: October 2, 2025
Show More

Frequently Asked Questions

A data breach occurs when sensitive, confidential, or protected information is accessed, stolen, or disclosed without authorization. Data breaches often occur through phishing emails, malware, weak passwords, insider threats, or unsecured databases. Indicators of a data breach can include unexpected password resets, suspicious account activity, unauthorized transactions, or notifications from companies about compromised information.If you suspect your data has been compromised, you must take measures and act quickly. Change passwords, enable two-factor authentication, review your financial accounts for unusual activity and consider freezing your credit.

Once stolen, your personal information may be sold on the dark web or used for identity theft and financial fraud. In some cases, hackers use the data to extort companies or launch further attacks. Victims often face long-term risks, including damage to credit and privacy.

If you receive a data breach notification, don’t ignore it. Immediately change passwords for the affected account and any others that share credentials. Enroll in any free credit monitoring services offered and monitor financial statements closely.

To pursue a data breach claim, you’ll need documentation showing your information was compromised and proof of resulting harm, such as fraudulent charges, credit score damage, or identity theft reports. Notification letters, financial records, and communication with the breached company can help support your claim.

Yes. If a company fails to protect consumer data or delays notifying victims, it may be held liable under state and federal privacy laws. Many victims join class action lawsuits to recover financial losses and hold negligent organizations accountable.

Data breach settlements vary widely depending on the size of the breach, type of data compromised, and damages suffered by victims. Payouts may include cash compensation, identity theft protection, or reimbursement for losses. Many settlements range from a few hundred to several thousand dollars per person. A skilled data breach lawyer can guide victims through the complex legal process, ensuring their rights are protected. If you’ve received a data breach notification or believe your personal data was exposed, you may be eligible for compensation. Contact Class Action U to learn more about how to join a data breach lawsuit and understand the process of filing.