Incident Overview

A threat actor operating under the handle "iProfessor" claims to be selling a database from CallOnDoc, described as an online telemedicine platform that connects patients with licensed doctors for virtual consultations. According to the post, CallOnDoc was launched in 2017 and serves all states in the United States, offering video, phone, or chat consultations for various health concerns including prescriptions, medical advice, and follow-up care available 24/7. The platform also offers medication delivery directly to patients' pharmacies.

The threat actor states the breach occurred in December 2025 and exposed 1,144,223 patient records sourced "directly from internal systems and kept offline until now." The listing price is $5,000 USD with availability limited to 5 buyers, after which the listing will be closed permanently. The seller offers 1,000 patient records as a sample and accepts forum-approved escrow. The sample data shows patients from across the United States with detailed medical information including conditions such as STD-related diagnoses, prescriptions, and consultation types categorized under Primary Care, Urgent Care, Women's Health, Men's Health, Dermatology, STD, and Prescription Refills.