Ransomware victim disclosure
← All victimsDOCTUS USA Inc
Claimed by Deadlock · listed 5 days ago
Status timeline
- ListedJul 10, 2026
- Data leakeddate unknown
At a glance
- Group
- Deadlock
- Status
- Data leaked
- Country
- United States
- Sector
- Healthcare
- Listed on leak site
- Jul 10, 2026
About the victim
AI dossier — public-source company profileDOCTUS USA Inc is a HIPAA-compliant, ISO 27001:2022-certified healthcare technology and business process outsourcing firm specializing in medical records management, transcription, coding, and billing services. The company operates as a Business Associate to covered entities and provides IT infrastructure, software development, and ancillary services to healthcare organizations across the United States.
- Industry
- Healthcare Business Process Outsourcing & Medical Records Management
Attack summary
Severity: critical — Confirmed exfiltration of data from a HIPAA-covered/Business Associate entity handling protected health information (PHI) at scale. Medical records and patient data are regulated sensitive information; compromise poses significant regulatory and privacy risk.The Deadlock group claims to have compromised DOCTUS USA Inc and published exfiltrated data. The group's post confirms data exfiltration but does not specify the data categories, volume, or proof artifacts in the excerpt provided.
Data the group says was taken
AI dossier — extracted from the leak post- Medical records
- Patient health information (PHI)
- Billing records
- Business processes/client data
- IT infrastructure configurations
What the group claims
Doctus offers top-tier medical records services in the USA, specializing in the management and organization of medical documentation.
Sources
Source
Indexed 5 days agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

