Yes — East Texas Family Medicine (etfmed.com) was claimed by the Genesis ransomware group around July 3–5, 2026, with a threat to leak sensitive medical / internal healthcare files, according to DeXpose and corroborating monitors such as GalaxyWarden.
Public reporting attributes the claim to the threat actors’ leak site. Exact patient counts and file inventories were not independently verified at publication time — but clinics holding PHI should treat a Genesis listing as a patient privacy and follow-on phishing event until forensics clear it.
We scanned etfmed.com against a 100% ideal domain-security score.
What Happened
According to DeXpose and GalaxyWarden:
- July 3–5, 2026 — Genesis listed East Texas Family Medicine (
etfmed.com) and claimed exfiltration of internal files, threatening to publish sensitive medical data unless demands were met. - Genesis has repeatedly targeted smaller clinics and regional providers that lack enterprise-grade segmentation and backup isolation.
- Typical Genesis playbooks start with phishing or exposed remote access, then exfiltrate before encrypt — classic double extortion.

Incident at a Glance
| Field | Detail |
|---|---|
| Entity | East Texas Family Medicine |
| Domain | etfmed.com |
| Sector | Family medicine / healthcare |
| Threat actor | Genesis |
| Listing window | July 3–5, 2026 |
| Claimed volume | Internal files (volume unconfirmed publicly) |
| Org confirmation | Not publicly confirmed at source date |
| Data types claimed | Sensitive medical / internal healthcare files |
Data at Risk
| Category | Status in public reporting |
|---|---|
| Internal healthcare files | Claimed by Genesis |
| Patient PHI | Threatened leak; inventory unverified |
| Exact patient / employee counts | Not released publicly |
Because medical information is in play, affected people face elevated medical-identity misuse and benefits fraud — not just routine spam after a name-and-email leak.

Regulatory Context
| Requirement | Why it matters here |
|---|---|
| HIPAA / HHS OCR | Covered providers must report qualifying PHI incidents |
| Texas Business & Commerce Code §521.053 | Notify AG when a breach affects 250+ Texas residents |
| SB 2610 framing | Documented cybersecurity safeguards matter when Texans’ personal data is at stake |
Why Texas Clinics Should Care
Regional specialty and family-medicine practices face the same PHI obligations as major health networks — with thinner IT budgets. Genesis affiliates hunt flat networks, shared EHR workstations, and Microsoft 365 mail that scores far below 100% on identity and transport. Post-listing windows drive fake “patient portal” and “breach assistance” phishing.
Related East Texas CPA listing: Todd, Hamaker & Johnson / Akira. Also see San Antonio Gentlemen clinic ransomware.
Independent Cybersecurity Audit
We ran an EmailMeNow Cybersecurity Audit of etfmed.com on July 11, 2026. 100% is the ideal overall score for organizations handling patient PHI.
Scorecard (Ideal = 100%)
| Domain | Overall | Identity | Transport | Website | Email infra | Risk |
|---|---|---|---|---|---|---|
| Ideal posture | 100% | 100% | 100% | 100% | Enterprise M365/Google | — |
| etfmed.com | 48% | 35% | 15% | 45% | 100% (Microsoft 365) | Critical |
Gap vs Ideal
| Control area | Ideal | Score | Gap |
|---|---|---|---|
| Overall | 100% | 48% | −52 |
| Identity & Spoofing | 100% | 35% | −65 |
| Transport Security | 100% | 15% | −85 |
| Website Security | 100% | 45% | −55 |
Key findings:
- 48% overall (Critical Risk) — more than halfway below the 100% ideal for a clinic handling medical correspondence.
- 35% Identity & Spoofing — weak DMARC/SPF posture leaves room for spoofed patient and staff emails during an active notification window.
- 15% Transport Security — no effective MTA-STS
mode=enforceor TLS-RPT reporting. - 100% Email Infrastructure — Microsoft 365 / Exchange is solid hosting but does not offset weak identity and transport scores.
- 45% Website Security — public web hardening lags.

Weak public-domain email controls do not cause ransomware by themselves, but they amplify harm when attackers already claim patient contact data.
Audit link: etfmed.com audit
Priority Actions
If you are an East Texas Family Medicine patient:
- Treat unsolicited “breach help” or patient-portal texts/emails as hostile until you verify through a known clinic number.
- Use IdentityTheft.gov for fraud alerts or credit freezes.
- Watch explanation-of-benefits notices for unfamiliar care billed in your name.
For Texas clinics and dental/specialty practices:
- Enforce phishing-resistant MFA on Microsoft 365, EHR, imaging, and billing admin accounts.
- Deploy DMARC
p=reject(with aligned SPF/DKIM) on every patient-facing domain. - Add MTA-STS
mode=enforceand TLS-RPT to close the −85 transport gap. - Segment clinical, billing, and backup systems; test restores against double-extortion playbooks.
Related Trackers
- Todd, Hamaker & Johnson Akira ransomware
- San Antonio Gentlemen ransomware clinics
- HIPAA healthcare breach statistics
- Ransomware threat landscape
- Texas OAG YTD dashboard
Protect patient PHI and East Texas clinic email.
Run a free Instant Cybersecurity Audit at audit.emailmenow.com or contact EmailMeNow IT Consulting for DMARC enforcement, MTA-STS deployment, and ransomware tabletop planning.
Sources: DeXpose — Genesis ransomware / East Texas Family Medicine · GalaxyWarden — East Texas Family Medicine / Genesis · EmailMeNow audit — etfmed.com