Ransomware group Stormous claims it stole data from 600,000 North Country HealthCare patients across 14 sites in northern Arizona.
The Stormous ransomware gang claims it has stolen personal and health data belonging to 600,000 patients from health provider North Country HealthCare.
North Country HealthCare is a nonprofit, federally qualified health center (FQHC) based in northern Arizona. It provides primary healthcare services to people of all ages across 14 locations in 11 communities. Its services include family medicine, pediatrics, prenatal care, behavioral health, dental care, telemedicine, physical therapy, and more. It accepts most insurance plans and offers income-based sliding fee discounts for uninsured patients.
On July 13, 2025, the ransomware group Stormous listed North Country HealthCare on its data leak site, claiming to have stolen sensitive information on 600,000 patients. The group claimed the theft of full personally identifiable information, protected health data, diagnostic codes, and clinic and provider details, including names, birthdates, contact information, clinic visit details, insurance providers, and medical diagnoses. The ransomware group initially announced that it would sell the data of 100,000 patients and release the remaining 500,000 records publicly for free.
“Stormous claims to have obtained the health information of 600,000 patients, including ‘full personally identifiable information (PII), Protected Health Information (PHI), diagnostic codes (ICD), clinic data, provider details.’ They include full name, date of birth, gender, phone number, clinic name, visit date/location, insurance provider, ICD code, and a description of the diagnosis. The group claims that the data of 100,000 patients will be listed for sale, and the data of 500,000 patients will be listed on the leak site for free,” reported the HIPAA Journal. “According to a July 15, 2025, update, the files have been published.”
Stormous is a pro-Russia ransomware group active since early 2022. It uses a double extortion model. The group has targeted at least 150 organizations, focusing on sectors like healthcare, hospitality, technology, business services, and government. Most of the victims are in Spain, the U.S., UAE, France, and Brazil.
(SecurityAffairs – hacking, data breach)