Arc Community Services Discloses Year-Old Ransomware Attack
ARC Community Services, a Madison, Wisconsin–based provider of behavioral health, substance use disorder treatment, and family support services, has disclosed a ransomware attack involving unauthorized network access and data exfiltration. The organization detected suspicious activity on 11/4/24. Subsequent analysis confirmed that attackers accessed and exfiltrated sensitive data, including names, contact details, dates of birth, medical record numbers, protected health information (PHI), driver’s license numbers, and financial account information. ARC has offered affected individuals complimentary credit monitoring, identity theft protection, and fraud assistance as a precaution.
Filings with the New Hampshire Attorney General confirmed the incident was a ransomware attack conducted by the INC Ransom group. Nearly a year later, ARC remains listed on the group’s data leak site, indicating that a ransom was likely not paid. File review finally confirmed on 8/28/25 that patient PHI was included in the exfiltrated data, with the full review completed by 11/6/25. After significant period of time, notifications letters were mailed this month, following delays attributed to the complexity of identifying affected individuals, validating the precise data elements involved, and obtaining accurate contact information.
This incident underscores both the heightened risk facing healthcare and other organizations and the critical need for a unified, next-generation security and observability strategy with a platform like NIKSUN. By correlating telemetry across networks, endpoints, clinical systems, cloud services, and user activity, organizations can rapidly detect ransomware intrusion, lateral movement, and data exfiltration - while automating containment and response. Fragmented tools delay detection and increase breach impact; only an integrated, end-to-end visibility platform delivers the situational awareness, compliance defensibility, and resilience required to protect patients, providers, and community trust. Read more about this story on our LinkedIn page
Filings with the New Hampshire Attorney General confirmed the incident was a ransomware attack conducted by the INC Ransom group. Nearly a year later, ARC remains listed on the group’s data leak site, indicating that a ransom was likely not paid. File review finally confirmed on 8/28/25 that patient PHI was included in the exfiltrated data, with the full review completed by 11/6/25. After significant period of time, notifications letters were mailed this month, following delays attributed to the complexity of identifying affected individuals, validating the precise data elements involved, and obtaining accurate contact information.
This incident underscores both the heightened risk facing healthcare and other organizations and the critical need for a unified, next-generation security and observability strategy with a platform like NIKSUN. By correlating telemetry across networks, endpoints, clinical systems, cloud services, and user activity, organizations can rapidly detect ransomware intrusion, lateral movement, and data exfiltration - while automating containment and response. Fragmented tools delay detection and increase breach impact; only an integrated, end-to-end visibility platform delivers the situational awareness, compliance defensibility, and resilience required to protect patients, providers, and community trust. Read more about this story on our LinkedIn page