DocGo says hackers stole patient data in a recent cyberattack

Mobile medical services provider DocGo has suffered a breach in its US-based ambulance transportation business, the company said in an SEC filing.

The healthcare provider, offering mobile health services, ambulance services, and remote monitoring for US and UK patients, said in the filing that the cyberattack has allowed the threat actor to access a “limited number of healthcare records” from the breached system.

“DocGo Inc. recently identified a cybersecurity incident involving certain of the Company’s systems,” the company said in the filing. “Promptly after detecting unauthorized activity, the Company took steps to contain and respond to the incident, including launching an investigation, with assistance from leading third-party cybersecurity experts, and notifying relevant law enforcement.”

The attack had no material impact

While the company did not disclose how it is responding to the incident, it did say that the incident compromised certain “protected health” information, which was accessed and acquired by the threat actor.

The usual response to such incidents is a shutdown of affected systems and those potentially in the attack radius. However, according to its website, DocGo is fully operational.

“To date, the cybersecurity incident has not had a material impact on the Company’s operations, and the Company currently does not expect that the cybersecurity incident will have a material impact on its overall financial condition or on its ongoing results of operations,” the company said in the filing.

DocGo also added that, while the investigation is ongoing, the company has found no evidence of continued unauthorized activity on its systems and has contained the incident. Additionally, it is sending out notifications to users affected by the attack.

Healthcare highly attacked

Adversary activity against US healthcare has been heightened, with the authorities warning of specific targeting of the sector. A recent joint advisory by the FBI, CISA, and the Department of Health and Human Services (HHS) highlighted evolved targeting by the BlackCat ransomware gang.

Earlier in February, a massive attack on the Change Healthcare systems, carried out by BlackCat, pushed the UnitedHealth-owned business into a complete IT shutdown. The threat actors exploited existing, unpatched vulnerabilities to hack into its systems.

Previously, in January, an attack on NextGen Healthcare systems, which allegedly came with a ransom ask of $1.5 million, was also attributed to BlackCat.
