A network of health care providers pocketed millions of dollars selling hydroxychloroquine, ivermectin, and online consultations, according to hacked data provided to The Intercept. The data show that vast sums of money are being extracted from people concerned about or suffering from Covid-19 but resistant to vaccinations or other recommendations of public health authorities.

America’s Frontline Doctors, a right-wing group founded last year to promote pro-Trump doctors during the coronavirus pandemic, is working in tandem with a small network of health care companies to sow distrust in the Covid-19 vaccine, dupe tens of thousands of people into seeking ineffective treatments for the disease, and then sell consultations and millions of dollars’ worth of those medications. The data indicate patients spent at least $15 million — and potentially much more — on consultations and medications combined.

The Intercept has obtained hundreds of thousands of records from two companies, CadenceHealth.us and Ravkoo, revealing just how the lucrative operation works. America’s Frontline Doctors, or AFLDS, has been spreading highly politicized misinformation about Covid-19 since the summer of 2020 and refers its many followers to its telemedicine partner SpeakWithAnMD.com, which uses Cadence Health as a platform. People who sign up then pay $90 for a phone consultation with “AFLDS-trained physicians” who prescribe treatments such as hydroxychloroquine and ivermectin to prevent and treat Covid-19. The drugs are delivered by Ravkoo, a service that works with local pharmacies to ship drugs to patients’ doors. Of course, that’s if patients ever get the consultation; many customers told Time they never received the call after paying.

The data from the Cadence Health and Ravkoo sites was provided to The Intercept by an anonymous hacker who said the sites were “hilariously easy” to hack, despite promises of patient privacy. It was corroborated by comparing it to publicly available information. The Intercept is not publishing any individual patient data and has taken steps to secure the data. After The Intercept reached out, Cadence Health’s Roque Espinal-Valdez said he shut the platform down, not wanting any part in profiting off of Covid-19 “quackery.”

America’s Frontline Doctors, which debuted in the summer of 2020, has close ties to a network of right-wing efforts to undermine public health during the pandemic, including the Tea Party Patriots. AFLDS’s founder, physician Simone Gold, was arrested and charged after the deadly attack on the U.S. Capitol on January 6. She and other doctors have appeared in widely shared videos arguing that the drugs hydroxychloroquine and ivermectin — which are primarily used to treat malaria in humans and parasitic worms in livestock, respectively — are effective treatments for Covid-19, despite warnings from the World Health Organization and Centers for Disease Control and Prevention against using them.

The extremely partisan group also misleads people about Covid-19 vaccines, which they refer to as “experimental biological agents,” and against public health measures like vaccine mandates, masking, social distancing, and restrictions on businesses. In a video titled “The Truth About Covid-19 Vaccines,” which has received over 1.3 million views, Gold falsely argues that Covid-19 is not very deadly and that the vaccines are more dangerous than the virus itself. Over 690,000 Americans so far have died from the virus, and unvaccinated people now make up 99 percent of recent Covid-19 deaths.

“Misinformation can be really powerful to swindle people into buying products.”

“Misinformation can be really powerful to swindle people into buying products,” Dr. Kolina Koltai, who researches vaccine misinformation in digital communities at the University of Washington’s Center for an Informed Public, told The Intercept. “America’s Frontline Doctors are able to scale this up massively.”

The hacked data includes information on 281,000 patients created in the Cadence Health database between July 16 and September 12, 2021 — 90 percent of whom were referred from America’s Frontline Doctors. In just those two months, patients paid an estimated $6.7 million for consultations. The data also includes notes from patients’ phone consultations, which sometimes include medical histories and prescription information.

Roque Espinal, Cadence Health’s CEO, told The Intercept that he was unaware of the scheme and that Cadence Health simply provided a telehealth platform for SpeakWithAnMD.com, its patients, and physicians. “I’m totally flabbergasted. I had to look up exactly who these people were,” he said. “I’m fully vaccinated. My children are fully vaccinated. I’m trying to make heads and tails of this right now.” After talking with The Intercept on Monday, Espinal said he terminated service with SpeakWithAnMD. He added, “I don’t want to be associated with any crap like that. None of that quackery that’s going on.” SpeakWithAnMD’s telemedicine platform, which relies on Cadence Health, is currently down.

“[SpeakWithAnMD] is not part of the anti-vax movement and we do not oppose vaccinations,” Jim Flinn, a public relations agent working for the site’s parent company, Encore Telemedicine, told The Intercept.

“American Frontline Doctor’s [sic] take these issues very seriously,” Thomas Gennaro, a lawyer for America’s Frontline Doctors, told The Intercept in a statement. “For AFLDS, positive patient-physician outcomes and confidentiality is critical. We understand that the information from this was reported to the FBI, and AFLDS launched a third-party audit and are responding to this issue with the utmost attention.”

The hacker also provided records of 340,000 prescriptions that Ravkoo has filled between November 3, 2020, and September 11, 2021 — amounting to an estimated $8.5 million in drug costs. Forty-six percent of the prescriptions are for hydroxychloroquine or ivermectin, and another 30 percent are for zinc or azithromycin, two other ineffective medications that the SpeakWithAnMD physicians, who America’s Frontline Doctors claims it trains, prescribe in their Covid-19 consultations.

“We take data breaches very seriously,” Ravkoo CEO Alpesh Patel told The Intercept. Patel claims that Ravkoo stopped doing business with SpeakWithAnMD and AFLDS at the end of August because “the volume over there went up crazy, and we didn’t feel comfortable. And we don’t have that much capacity to fill that many prescriptions.” The hacked data shows that they filled hundreds more prescriptions for AFLDS in the first weeks of September. “That might be refills or prescriptions that got stuck and we had to fill it,” Patel claimed.

The WHO recommends against taking hydroxychloroquine to treat Covid-19 because it’s ineffective and can have negative side effects. Cardiologists warn that hydroxychloroquine taken with azithromycin, a combination that former President Donald Trump publicly supported, increases the risk of dangerous irregular heartbeats that could be fatal. The CDC advised people not to take ivermectin, saying that it can cause “severe illness.” The Food and Drug Administration issued similar warnings and tweeted, “You are not a horse. You are not a cow. Seriously, y’all. Stop it,” with a link to an article explaining that taking it for Covid-19 can cause extreme health issues.

At least one of the prescribers is aware that medical experts recommend against using these drugs to prevent or treat Covid-19 but prescribed them anyway, according to patient records. One physician included this disclaimer in their consultation notes with several patients: “I, [physician’s name], have a complete understanding of the recent release from the WHO, FDA, CDC, and NIH on March 5th, 2021 as it pertains to the use and prescribing of Hydroxychloroquine and Ivermectin. I understand that these two medications have been deemed ‘Highly Not Recommended’ by the for-mentioned [sic] medical governing bodies but are not illegal to prescribe. … I have explained that I will not be held legally or medically responsible for an adverse reaction by this patient should they choose to take them and have explained they will not be able to hold me medically neglectful, pursue any form of malpractice, nor any criminal and civilly [sic] suits.”

Beginning last week, the intake form began showing a similar disclaimer to all patients. “As a potential patient, I acknowledge and understand that the Hydroxychloroquine (HCQ) and Ivermectin have been deemed ‘Highly Not Recommended’ by the WHO, FDA, CDC, and NIH,” the disclaimer says. “Should a patient choose to not disclose their proper medical history, the clinician cannot be held liable nor can any medical license in any state be reviewed or held accountable.” Patients must check a box that says “I understand” to continue.

“In facilitating the doctor/patient relationship, our MD’s are fully licensed and operate within the rules and regulations of the medical profession,” Flinn, the spokesperson for SpeakWithAnMD’s parent company, said. “If a TeleMD in the Speak program decides any FDA medication is appropriate, then the MD can prescribe an FDA-approved medication off-label for any medical condition the TeleMD considers appropriate.”

scam-chart-1

Chart: Soohee Cho/The Intercept

“Extremely Pro-Trump” Doctors

The foundation for America’s Frontline Doctors was laid in a May 11, 2020, conference call between a senior staffer in Trump’s reelection campaign and the Republican activist group CNP Action. They reportedly discussed finding “extremely pro-Trump” doctors to go on TV and defend Trump’s plan to rapidly reopen the economy despite the more cautious safety guidance coming from the CDC.

Then, on June 24 of last year, Gold started an Arizona nonprofit called the Free Speech Foundation with a million-dollar annual budget and fiscal sponsorship from the Tea Party Patriots Foundation. America’s Frontline Doctors, which is a project of this nonprofit, launched on July 27, 2020. Gold, who NPR confirmed is a licensed physician in California, along with other doctors in white lab coats, held a press conference on the steps of the Supreme Court building where they falsely claimed that a cocktail of hydroxychloroquine, azithromycin, and zinc could “cure” Covid-19. Another of the group’s doctors who spoke outside the court was Stella Immanuel, who called the use of masks unnecessary, and quickly earned viral fame when it was revealed that she had previously claimed that the uterine disorder endometriosis is caused by sex with demons that takes place in dreams. The event was livestreamed on Breitbart, and videos of it were viewed millions of times on social media after being shared on Twitter by then-President Trump before tech companies took them down for violating rules against pandemic misinformation. More recently, the group has been promoting ivermectin as a miracle cure for Covid-19.

“[America’s Frontline Doctors] are really good at manipulating science to seem like the vaccine is not safe, or is not tested, or is not necessary, which is why they’ve been particularly impactful in the last year plus,” Koltai said.

But it wasn’t until early 2021, when over 345,000 Americans had already died from the pandemic, that America’s Frontline Doctors started to advertise $90 telehealth consultations to receive prescriptions for alternative treatments to Covid-19 on its site.

On January 3, Gold told a packed, maskless church audience in Tampa, Florida, that America’s Frontline Doctors made “hydroxychloroquine available for the entire nation by going to our website.” A video of the lecture, “The Truth About the Covid-19 Vaccine,” has been viewed 1.3 million times on the video-hosting site Rumble after being removed from YouTube. “Then you can consult with a telemedicine doctor. And whether you have Covid, or you don’t have Covid, or you’re just worried about getting Covid, you can get yourself a prescription and they mail it to you.” She added, “The big fight wasn’t the virus, it was the fear.”

Simultaneously, America’s Frontline Doctors began referring its followers for telemedicine appointments. Its website leads prospective customers through a series of preliminary questions before directing them to SpeakWithAnMD.com. “Find out how to obtain prescription medication for COVID-19 with our AFLDS-trained physicians in three easy steps,” it reads, before a prominent “Get Medication” button.

Signing up for a Covid-19 consultation with America’s Frontline Doctors. Screenshots taken Sept. 20, 2021.Screenshots: The Intercept

AFLDS reaches its audience through a variety of social media platforms. Gold, the group’s founder, has more than 340,000 Twitter followers, and she regularly posts anti-vaccine content, such as this video of podcaster Joe Rogan falsely claiming that ivermectin and other drugs that have been shown to be ineffective at treating Covid-19 has cured him of the virus.

On Saturday, Gold started an account on Gab, a social media site popular with right-wing extremists, and she already has more than 36,000 followers who have posted thousands of comments on her page. AFLDS’s Facebook page has 112,000 followers, its Telegram channel has 184,000 subscribers, and 28,000 people are subscribed to the group’s channel on Rumble.

Their anti-vaccine propaganda also shows up in religious email newsletters, like this one from a group called Bridge Connection Ministries, which contains a plug for AFLDS that asks, “Have you been exposed to COVID by someone who was recently VAXXED?”

consult-screenshot

Bridge Connection Ministries newsletter.

Screenshot: The Intercept

Cadence Health

The two months’ worth of patient records that The Intercept has access to show that AFLDS referred over 255,000 people to speak with physicians in order to get Covid-19 treatments. Of those people, 72,000 paid $90 for phone consultations, and many of those had follow-up consultations costing $59.99 each. The hacked data from Cadence Health does not include payment data itself, but doing the math, in just that two-month period, patients appear to have paid more than $6.7 million for phone consultations alone. This data does not include all of the $90 phone consultations from January to July, when SpeakWithAnMD appears to have hosted the intake forms for $90 telemedicine consultations directly, according to archived versions of the site. The telemedicine site appears to be billing patients directly and not their insurance companies.

Espinal claims that Cadence Health didn’t collect credit card payments and that the $90 charges for telehealth were made using SpeakWithAnMD’s payment processor. Espinal told The Intercept he charged SpeakWithAnMD a total of $17,500 for using its platform and that SpeakWithAnMD was his first and only customer.

After The Intercept reached out to the companies for comment on Monday, SpeakWithAnMD’s parent company, Encore Telemedicine, had an emergency meeting with lawyers from AFLDS, according to Espinal, who briefly attended the meeting via Zoom. “There were 16 different attorneys,” he told The Intercept, though Gold was not present. According to Espinal, he told the lawyers, “I’m ending my contract with you guys immediately,” and then left. Afterward, he took down Cadence Health’s service, preventing SpeakWithAnMD from operating.

The hacked data from Cadence Health gives insight into the patients themselves. Of those 72,000 patients in that two-month period, 58 percent were female, 38 percent were male, and 4 percent chose not to answer the question. While people of all ages sought consultations with AFLDS’s health care providers, people in their 50s and 60s were more likely to engage than other age groups. According to data provided by the CDC, Covid-19 patients aged 50 to 64 are four times more likely to be hospitalized and 30 times more likely to die than people aged 18 to 29. Covid-19 patients aged 65 to 74 are five times more likely to be hospitalized and 90 times more likely to die.

People in every state in the county, as well as Washington, D.C., sought the unproven Covid-19 treatments. 8,600 people in California paid $90 for telehealth consultations, as did another 8,000 in Florida and 7,400 in Texas. More than 1,000 people in each of an additional 21 states consulted health care providers through the service. The only states that contained less than 100 patients were Delaware and Vermont. Houston, Las Vegas, Phoenix, and Jacksonville all had over 300 patients.

This map, based on the hacked data, shows how many people sought unproven Covid-19 treatments from each city, for cities that have at least 10 users. Each dot is mapped to the geographic center of the city. No individual home addresses are represented in the map.

Ravkoo

Ravkoo filled its first prescription from AFLDS just 10 days after Gold’s “The Truth About the Covid-19 Vaccine” speech, on January 13, for hydroxychloroquine. In the data for the prescription, “AMERICAS FRONT LINE DOCTORS – ENCORE” is listed under the “remarks” field.

In the hacked data, each of the 340,000 prescriptions filled by Ravkoo between November 3, 2020, and September 11, 2021, lists a price. Adding up the prices of each type of medication shows that the online pharmacy apparently charged people a total of $4.7 million for ivermectin, $2.4 million for azithromycin, $1.2 million for hydroxychloroquine, $175,000 for zinc, and $52,000 for vitamin C. It appears that the vast majority of these medicines were paid for out-of-pocket rather than through insurance. Only $500 of these medicine sales were paid by insurance providers. Patel told The Intercept that Ravkoo doesn’t take a cut of prescription sales and that they run a platform that delivers prescriptions to local pharmacies — “Just like Uber,” he said — but didn’t answer follow-up questions about Ravkoo’s business model.

The Better Business Bureau warns that there are “current alerts” for Ravkoo, where the pharmacy has one out of five stars. Customers describe the pharmacy ignoring calls and emails about prescriptions for Covid-19 medicine from AFLDS.

On September 2, the pharmacy responded to complaints to the Better Business Bureau, saying, “We are no longer affiliated with AFLD [sic] or speakwithanmd.com. We are working diligently to resolve this issue.” Yet the hacked data includes 268 prescriptions that mention AFLDS between September 2 and September 11, the date Ravkoo was hacked.

scam-chart-12

Chart: Soohee Cho/The Intercept

When asked why the vast majority of prescriptions filled by Ravkoo appear to be for unproven Covid-19 treatments, Patel explained, “We don’t control who sends us business. Let’s put it that way. We don’t have formal contracts with particular companies. Patients can send us business.” Ravkoo could “find pharmacies for our patients who can pull ivermectin and get them at a lower cost. So patients are talking to each other, and that’s how that business might have — how America’s Frontline might have got to know us and started sending us business.”

Patel also claimed that he “got a threatening letter from one of the doctors saying, ‘Hey, if you don’t fill that prescription I’m gonna sue you.’ So pharmacists are put in a really tough position here.”

“Hilariously Easy” to Hack

“The whole online and telemedicine space is a bit of a Wild West because of the way the pandemic forced everyone to deal with telehealth right away,” Lee Tien, a senior staff attorney at the Electronic Frontier Foundation, told The Intercept.

The websites involved in this telemedicine operation were all built during the pandemic to take advantage of this Wild West. Certificate transparency records, which list which SSL certificates are created and when, show that the domain speakwithanmd.com was first set up in March last year, ravkoo.com was first set up in September last year, and cadencehealth.us was first set up in February of this year.

While the pandemic popularized telehealth, “patients still had to go to the pharmacy to pick up the prescription, and that’s where we came up with the idea to make a prescription delivery platform offering free nationwide same-day delivery,” Patel said while describing his motivation for starting the company.

The hacker told The Intercept that Cadence Health and Ravkoo were “hilariously easy” to hack. The websites of both companies had broken access controls, one of the most common mistakes in web application security.

The Cadence Health website only validated user input on the client side, not the server side, according to the hacker. This means that when a user accesses the telemedicine site the normal way, by loading the site in their browser, they can only access their own data, but if they write a program that tries to access other data on the server, the server will respond with that data. The hacker simply asked the server for all patient data.

Cadence Health’s website describes itself as the “most secure PCI & HIPAA-compliant VirtualCare Platform.” “Our website is still in development,” Espinal told The Intercept. “We don’t even have content. This was not supposed to be live.”

The Ravkoo website had a “hidden admin panel that every user can log in to and view all the data,” according to the hacker. Using this admin panel, the hacker was able to exfiltrate all of the online pharmacy’s prescription data. The vulnerability in Ravkoo’s website also appears to be fixed, according to the hacker, who reached back out to The Intercept after checking.

“It’s quite possible that [the companies] violated HIPAA by having such weak security,” Tien said. The Health Insurance Portability and Accountability Act is a federal law that requires health care providers to protect sensitive “patient health information” from being disclosed without the patient’s consent or knowledge. The current security rule defined by HIPAA requires providers to “implement technical policies and procedures that allow only authorized persons to access electronic protected health information.”

HIPAA also defines a breach notification rule that requires health care providers to “notify affected individuals following the discovery of a breach” within two months of discovering the breach. Providers must individually notify affected patients by first-class mail or email, and if they have outdated contact information for enough patients, they’re required to post a public notice on their website or “in major print or broadcast media where the affected individuals likely reside.” If the breach affected more than 500 people, like the Cadence Health and Ravkoo breaches do, they are also required to “provide notice to prominent media outlets” serving the jurisdiction where the patients live.

While HIPAA rules have been loosened during the pandemic to accommodate telemedicine, health care providers are still required to protect sensitive patient health information that they collect.

The companies were left pointing fingers at each other. Espinal, Cadence Health’s CEO, told The Intercept that the patient database is hosted in Encore Telemedicine’s Amazon Web Services account and that his company does not have access to this data. Flinn, the public relations agent working for Encore, insists that the database is in Cadence’s AWS account, not in Encore’s.

“Following the money is a really important thing,” Koltai, of Center for an Informed Public, said.

Update: September 29, 2021
The map has been updated to clarify that each dot represents the geographic center of each city with ten or more users. No individual home addresses are represented in the map.