Back to news
Cybersecurity Alert
July 11, 2026 by EmailMeNow IT Consulting

Was East Texas Family Medicine Hit by Genesis Ransomware? We Scanned Their Domain Security

Genesis ransomware claimed East Texas Family Medicine (etfmed.com) around July 3–5, 2026 and threatened to leak internal medical files. Independent audit scores etfmed.com at 48% Critical Risk vs a 100% ideal.

Source: DeXpose

NewsData BreachRansomwareGenesisTexasHealthcareCybersecurity
East Texas Family Medicine clinic targeted by Genesis ransomware

Yes — East Texas Family Medicine (etfmed.com) was claimed by the Genesis ransomware group around July 3–5, 2026, with a threat to leak sensitive medical / internal healthcare files, according to DeXpose and corroborating monitors such as GalaxyWarden.

Public reporting attributes the claim to the threat actors’ leak site. Exact patient counts and file inventories were not independently verified at publication time — but clinics holding PHI should treat a Genesis listing as a patient privacy and follow-on phishing event until forensics clear it.

We scanned etfmed.com against a 100% ideal domain-security score.

What Happened

According to DeXpose and GalaxyWarden:

  • July 3–5, 2026Genesis listed East Texas Family Medicine (etfmed.com) and claimed exfiltration of internal files, threatening to publish sensitive medical data unless demands were met.
  • Genesis has repeatedly targeted smaller clinics and regional providers that lack enterprise-grade segmentation and backup isolation.
  • Typical Genesis playbooks start with phishing or exposed remote access, then exfiltrate before encrypt — classic double extortion.

Illustration: Genesis ransomware leak-site extortion threat against East Texas family medicine clinic

Incident at a Glance

FieldDetail
EntityEast Texas Family Medicine
Domainetfmed.com
SectorFamily medicine / healthcare
Threat actorGenesis
Listing windowJuly 3–5, 2026
Claimed volumeInternal files (volume unconfirmed publicly)
Org confirmationNot publicly confirmed at source date
Data types claimedSensitive medical / internal healthcare files

Data at Risk

CategoryStatus in public reporting
Internal healthcare filesClaimed by Genesis
Patient PHIThreatened leak; inventory unverified
Exact patient / employee countsNot released publicly

Because medical information is in play, affected people face elevated medical-identity misuse and benefits fraud — not just routine spam after a name-and-email leak.

Illustration: medical PHI charts and clinic files exposed in Genesis ransomware claim

Regulatory Context

RequirementWhy it matters here
HIPAA / HHS OCRCovered providers must report qualifying PHI incidents
Texas Business & Commerce Code §521.053Notify AG when a breach affects 250+ Texas residents
SB 2610 framingDocumented cybersecurity safeguards matter when Texans’ personal data is at stake

Why Texas Clinics Should Care

Regional specialty and family-medicine practices face the same PHI obligations as major health networks — with thinner IT budgets. Genesis affiliates hunt flat networks, shared EHR workstations, and Microsoft 365 mail that scores far below 100% on identity and transport. Post-listing windows drive fake “patient portal” and “breach assistance” phishing.

Related East Texas CPA listing: Todd, Hamaker & Johnson / Akira. Also see San Antonio Gentlemen clinic ransomware.

Independent Cybersecurity Audit

We ran an EmailMeNow Cybersecurity Audit of etfmed.com on July 11, 2026. 100% is the ideal overall score for organizations handling patient PHI.

Scorecard (Ideal = 100%)

DomainOverallIdentityTransportWebsiteEmail infraRisk
Ideal posture100%100%100%100%Enterprise M365/Google
etfmed.com48%35%15%45%100% (Microsoft 365)Critical

Gap vs Ideal

Control areaIdealScoreGap
Overall100%48%−52
Identity & Spoofing100%35%−65
Transport Security100%15%−85
Website Security100%45%−55

Key findings:

  • 48% overall (Critical Risk) — more than halfway below the 100% ideal for a clinic handling medical correspondence.
  • 35% Identity & Spoofing — weak DMARC/SPF posture leaves room for spoofed patient and staff emails during an active notification window.
  • 15% Transport Security — no effective MTA-STS mode=enforce or TLS-RPT reporting.
  • 100% Email Infrastructure — Microsoft 365 / Exchange is solid hosting but does not offset weak identity and transport scores.
  • 45% Website Security — public web hardening lags.

Illustration: etfmed.com 48% email security audit versus 100% ideal

Weak public-domain email controls do not cause ransomware by themselves, but they amplify harm when attackers already claim patient contact data.

Audit link: etfmed.com audit

Priority Actions

If you are an East Texas Family Medicine patient:

  • Treat unsolicited “breach help” or patient-portal texts/emails as hostile until you verify through a known clinic number.
  • Use IdentityTheft.gov for fraud alerts or credit freezes.
  • Watch explanation-of-benefits notices for unfamiliar care billed in your name.

For Texas clinics and dental/specialty practices:

  • Enforce phishing-resistant MFA on Microsoft 365, EHR, imaging, and billing admin accounts.
  • Deploy DMARC p=reject (with aligned SPF/DKIM) on every patient-facing domain.
  • Add MTA-STS mode=enforce and TLS-RPT to close the −85 transport gap.
  • Segment clinical, billing, and backup systems; test restores against double-extortion playbooks.

Protect patient PHI and East Texas clinic email.

Run a free Instant Cybersecurity Audit at audit.emailmenow.com or contact EmailMeNow IT Consulting for DMARC enforcement, MTA-STS deployment, and ransomware tabletop planning.


Sources: DeXpose — Genesis ransomware / East Texas Family Medicine · GalaxyWarden — East Texas Family Medicine / Genesis · EmailMeNow audit — etfmed.com