A ransomware group known as Stormous has claimed responsibility for a significant data breach involving 600,000 patients of North Country HealthCare, a community health center serving northern Arizona. The group alleges it stole a wide range of sensitive information, including personally identifiable information (PII), protected health information (PHI), diagnostic codes, clinic details, and provider data. Stormous first listed North Country HealthCare on its dark web data leak site on July 13, 2025, and has already published the data, claiming 100,000 patient records are for sale while the remaining 500,000 are available for free.

Stormous, a pro-Russian ransomware group active since 2022, engages in double extortion attacks, stealing data and encrypting systems before demanding a ransom. The group typically targets sectors such as healthcare, technology, government, and hospitality, with the United States among its top targets. While North Country HealthCare has not confirmed the breach or issued a public statement, the attack underscores the growing risk to healthcare organizations and the serious consequences of cyber incidents involving patient data.

This breach highlights the urgent need for healthcare providers and all critical sectors to implement robust network security measures, including full packet capture, comprehensive log management, and real-time analysis across a unified platform such as NIKSUN's. These tools provide 100% situational awareness, enabling proactive detection, faster incident response, and effective mitigation of threats before sensitive data is exfiltrated or systems are compromised. In a landscape where ransomware actors are increasingly aggressive and targeted, only end-to-end visibility can ensure resilience and regulatory compliance. Read more about this story on our LinkedIn page