Stormous Ransomware Gang Targets North Country HealthCare, Claims 600K Patient Data Stolen
A devastating cyberattack has struck North Country HealthCare, a nonprofit health provider in northern Arizona. The Stormous ransomware gang claims to have stolen sensitive information from 600,000 patients, leaving the healthcare organization reeling.
North Country HealthCare is a federally qualified health center (FQHC) that provides primary care services to people of all ages across 14 locations in 11 communities. Their services include family medicine, pediatrics, prenatal care, behavioral health, dental care, telemedicine, physical therapy, and more. The organization accepts most insurance plans and offers income-based sliding fee discounts for uninsured patients.
On July 13, 2025, the ransomware group Stormous listed North Country HealthCare on its data leak site, claiming to have stolen personally identifiable information, protected health data, diagnostic codes, clinic and provider details – including names, birthdates, contact information, clinic visit details, insurance providers, and medical diagnoses. The group initially announced the sale of the data of 100,000 patients, with the remaining 500,000 records listed for free.
"Stormous claims to have obtained the health information of 600,000 patients, including 'full personally identifiable information (PII), Protected Health Information (PHI), diagnostic codes (ICD), clinic data, provider details,'" reported the HIPAA Journal. "They include full name, date of birth, gender, phone number, clinic name, visit date/location, insurance provider, ICD code, and a description of the diagnosis."
According to a July 15, 2025, update, the files have been published on the data leak site. This means the stolen personal and health information of all 600,000 patients affected by the breach is now exposed on that site.
About Stormous Ransomware Gang
Stormous is a pro-Russia ransomware group active since early 2022. The group uses a double extortion model, in which attackers steal data before encrypting systems and then demand payment both for decryption and in exchange for not releasing the stolen data on the dark web. This model has been used by many other notorious ransomware groups, including REvil and Conti.
The Stormous gang has targeted at least 150 organizations across various sectors, focusing on healthcare, hospitality, technology, business services, and government. Many of its victims are located in Spain, the U.S., UAE, France, and Brazil.
Consequences for North Country HealthCare
The breach of personal and health data at North Country HealthCare has significant implications for patients and the organization itself. Patients may be vulnerable to identity theft, medical errors, or other forms of exploitation due to their sensitive information being compromised.
The attack also highlights the vulnerability of healthcare organizations to cyber threats. As more healthcare providers move online, they become increasingly reliant on technology systems that can be exploited by malicious actors.
Cybersecurity Measures and Prevention
As the number of ransomware attacks continues to rise, it's essential for organizations like North Country HealthCare to prioritize cybersecurity measures. This includes implementing robust security protocols, conducting regular backups, and educating employees on how to prevent and respond to cyber threats.
Patients can also take steps to protect themselves by monitoring their credit reports, being cautious when receiving unsolicited emails or phone calls, and seeking medical attention if they suspect that their sensitive information has been compromised.