Security Affairs

Stormous Ransomware gang targets North Country HealthCare, claims 600K patient data stolen


Ransomware group Stormous claims it stole data from 600,000 North Country HealthCare patients across 14 sites in northern Arizona.

The Stormous ransomware gang claims it has stolen personal and health data belonging to 600,000 patients from health provider North Country HealthCare.

North Country HealthCare is a nonprofit, federally qualified health center (FQHC) based in northern Arizona. It provides primary healthcare services to people of all ages across 14 locations in 11 communities. Their services include family medicine, pediatrics, prenatal care, behavioral health, dental care, telemedicine, physical therapy, and more. They accept most insurance plans and offer income-based sliding fee discounts for uninsured patients.

On July 13, 2025, the ransomware group Stormous listed North Country HealthCare on its data leak site, claiming to have stolen sensitive information on 600,000 patients. The group claimed the theft of full personally identifiable information, protected health data, diagnostic codes, and clinic and provider details, such as names, birthdates, contact information, clinic visit details, insurance providers, and medical diagnoses. The ransomware group initially announced the sale of the data of 100,000 patients and the release of the remaining 500,000 records publicly for free.

“Stormous claims to have obtained the health information of 600,000 patients, including “full personally identifiable information (PII), Protected Health Information (PHI), diagnostic codes (ICD), clinic data, provider details.” They include full name, date of birth, gender, phone number, clinic name, visit date/location, insurance provider, ICD code, and a description of the diagnosis. The group claims that the data of 100,000 patients will be listed for sale, and the data of 500,000 patients will be listed on the leak site for free.” reported the HIPAA Journal. “According to a July 15, 2025, update, the files have been published.”

Stormous is a pro-Russia ransomware group active since early 2022. It uses a double extortion model. The group has targeted at least 150 organizations, focusing on sectors like healthcare, hospitality, technology, business services, and government. Most of the victims are in Spain, the U.S., UAE, France, and Brazil.


Pierluigi Paganini

(SecurityAffairs – hacking, data breach)