A threat actor is claiming responsibility for an alleged breach of PayLow Pro, a U.S. payment processing provider that offers payment and billing services to medical offices and other businesses, after purportedly encrypting the company’s database and failing to secure a ransom payment.
According to a post published on a cybercrime forum on June 21, the actor claims PayLow Pro refused to pay an extortion demand, prompting the release of a CSV file allegedly containing internal platform data. The forum listing was published under the company’s former domain, paylopro.com, which now redirects to PayLow Pro following a rebrand.
Founded in 2016, PayLow Pro markets itself as a payment processing provider serving medical offices and businesses across the United States, offering payment acceptance, merchant services, onboarding support, and billing-related services.
Claim centers on leaked platform records
The threat actor alleges they encrypted PayLow Pro’s database and subsequently released data after the company declined to pay a ransom demand. No evidence was provided publicly to verify the alleged encryption event itself.
However, the actor published sample records that appear to contain administrative account information associated with businesses using the platform. The exposed entries allegedly include names, email addresses, telephone numbers, organization names, account roles, and password hashes.
Additional records presented by the actor appear to contain customer contact information, including names, physical addresses, phone numbers, dates of birth, and email addresses.
BreachNews reviewed portions of the alleged sample data but could not independently verify its authenticity or determine whether the records originated from PayLow Pro’s production environment.
Healthcare organizations appear among affected customers
Unlike many breach claims involving a single organization’s customer database, the alleged PayLow Pro incident appears to affect multiple businesses using the platform.
Sample records reviewed by BreachNews reference dental practices, veterinary clinics, and other healthcare-related organizations that appear to use the service for payment and billing operations.
If authentic, the incident could represent a supply-chain-style exposure in which data belonging to multiple customer organizations was compromised through a single service provider rather than through direct attacks against individual clinics or practices.
The limited sample data does not provide enough information to determine how many organizations may be affected or whether financial information was included in the allegedly stolen dataset.
Questions remain about scope and impact
The threat actor did not disclose the total size of the alleged dataset, the number of affected records, or details regarding the intrusion method. The post instead focused on the claim that PayLow Pro refused a ransom demand before the data was released.
At the time of publication, PayLow Pro had not issued any public statement regarding the alleged breach or the threat actor’s claims.
The claim emerges amid continued targeting of healthcare technology providers and third-party service platforms that support medical organizations. Earlier this week, BreachNews reported on alleged healthcare-related breach claims involving One Medical, highlighting the ongoing risks facing organizations that handle sensitive patient and operational data.
Organizations using PayLow Pro should monitor for any official notifications and consider reviewing account security controls, password policies, and administrative access logs while the claims remain unverified.