Stormous Ransomware Targets North Country HealthCare: 600K Patient Records Compromised

Discover the latest cybersecurity incident involving Stormous ransomware and North Country HealthCare. Learn about the data breach affecting 600K patient records and its implications.

TL;DR

  • The Stormous ransomware gang claims to have stolen data from 600,000 patients of North Country HealthCare.
  • Sensitive information, including personal and health data, was compromised and partially listed for sale.
  • Stormous is a pro-Russia group known for its double extortion tactics and has targeted numerous organizations globally.

Main Content

Ransomware Attack on North Country HealthCare

The Stormous ransomware gang has claimed responsibility for a significant data breach affecting North Country HealthCare, a nonprofit healthcare provider based in northern Arizona. The group alleges it has stolen personal and health data belonging to 600,000 patients across 14 sites [1].

North Country HealthCare is a federally qualified health center (FQHC) offering a range of primary healthcare services, including family medicine, pediatrics, prenatal care, behavioral health, dental care, telemedicine, and physical therapy. The organization serves patients of all ages and accepts most insurance plans, providing sliding fee discounts for uninsured patients based on income [2].

Details of the Data Breach

On July 13, 2025, Stormous listed North Country HealthCare on its data leak site, claiming to have stolen sensitive information on 600,000 patients. The compromised data includes:

  • Full personally identifiable information (PII)
  • Protected health information (PHI)
  • Diagnostic codes (ICD)
  • Clinic and provider details
  • Names, birthdates, contact information
  • Clinic visit details, insurance providers
  • Medical diagnoses

The ransomware group initially announced the sale of data belonging to 100,000 patients and threatened to release the remaining 500,000 records publicly for free. According to a July 15, 2025 update, the files have been published [3].

Stormous Ransomware Group

Stormous is a pro-Russia ransomware group active since early 2022. The group employs a double extortion model, targeting organizations by encrypting their data and threatening to leak it unless a ransom is paid. Stormous has targeted at least 150 organizations across various sectors, including healthcare, hospitality, technology, business services, and government. Most of their victims are located in Spain, the U.S., UAE, France, and Brazil [4].

Conclusion

The cyberattack on North Country HealthCare by the Stormous ransomware gang highlights the ongoing threat of data breaches in the healthcare sector. The incident underscores the importance of robust cybersecurity measures to protect sensitive patient information. As cyber threats continue to evolve, healthcare providers must remain vigilant and proactive in safeguarding their data.

References

  1. Security Affairs (2025). “Stormous ransomware hit Coca-Cola”. Retrieved 2025-07-17.

  2. North Country HealthCare (2025). “About Us”. Retrieved 2025-07-17.

  3. HIPAA Journal (2025). “Ransomware Group Claims 600,000 Patients Data Stolen”. Retrieved 2025-07-17.

  4. Security Affairs (2025). “Stormous Ransomware Group”. Retrieved 2025-07-17.

This post is licensed under CC BY 4.0 by the author.