Breach taxonomy
Summary
DocGo Inc. recently identified a cybersecurity incident in which a threat actor accessed and acquired data including certain protected health information (PHI) from a limited number of healthcare records within the company's U.S.-based ambulance transportation business. No other business lines were involved. The incident was contained with no evidence of continued unauthorized activity as of the filing date. Affected parties are being notified as required by law. Filed under Item 8.01; company determined the incident was not material.
Tagging rationale
ThreatUnknown
Filing does not attribute the incident to a specific actor → UNKNOWN.
MethodsData Exfil
Filing confirms the threat actor accessed and acquired data including PHI from company systems → DATA-EXFIL.
AssetsPersonal Data
Threat actor accessed and acquired protected health information (PHI) from ambulance transportation healthcare records → PERSONAL-DATA.