North Country HealthCare Breach Allegedly Impacts 600K Patients, Stormous Ransomware Claims Attack

Written by: Lore Apostol, Cybersecurity Writer

The Stormous ransomware gang has claimed responsibility for a significant cyberattack targeting North Country HealthCare, a federally qualified community health center serving 13 northern Arizona communities. 

According to the group, sensitive data, including Protected Health Information (PHI), has been exfiltrated, potentially affecting up to 600,000 patients. The attack allegedly involved the unauthorized access and exfiltration of large volumes of sensitive files. 

The Stormous ransomware gang claims that the stolen data includes full Personally Identifiable Information (PII), Protected Health Information (PHI), diagnostic codes, clinic data, and insurance details such as name, date of birth, gender, and phone number. 

Stormous ransomware claims North Country HealthCare data breach | Source: HackManac on X

To substantiate these allegations, the threat actors have uploaded sample files and announced that 100,000 of these records will be leaked, while the rest will be for sale.

Such information is highly valuable on the dark web, often sold to the highest bidder or exploited for further criminal operations. PHI breaches also have significant repercussions, including identity theft, financial fraud, and exploitation of medical benefits.  

North Country HealthCare, which plays a pivotal role in delivering medical services across northern Arizona communities, faces potential disruptions not only to patient care but also to operational workflows as the aftermath of the breach unfolds.  

Medical institutions are increasingly targeted because their reliance on digital infrastructure and the sensitive data they hold often make them lucrative to threat actors.

Breaches of this magnitude deepen the narrative surrounding healthcare cybersecurity threats and highlight critical weaknesses in safeguarding PHI. For patients, the risks extend beyond privacy violations to more catastrophic outcomes, such as delays in care or financial loss.  

Separately, Black Kite's 2025 cybersecurity report emphasizes the growing threat of supply chain attacks, as seen in the Cl0p ransomware incident affecting hundreds of organizations.

In other sectors, such as the financial ecosystem, attackers are exploiting vulnerabilities in third-party vendors, with 92% of these vendors receiving poor security scores. Key findings include outdated systems, poor patch management, and credential exposures among vendors, with 31 out of 140 exhibiting critical vulnerabilities.

