Asheville Eye Associates and Neurological Associates of Washington: Seattle-area neurologist warns 13,500 people of data breach that leaked SSNs, medical info

DragonForce Ransomware Gang Strikes Neurological Associates of Washington, Exposing 13,500 Patients’ Data

Neurological Associates of Washington, a neurology clinic in Kirkland, Washington, confirmed a December 2025 data breach affecting 13,500 state residents. The cybercriminal group DragonForce claimed responsibility for the attack on December 27, 2025, alleging it stole 1.4 TB of data, including names, Social Security numbers, medical diagnoses, disability codes, dates of birth, and addresses. The group posted sample documents to verify its claims, though the authenticity of the stolen data remains unverified.

The clinic disclosed that its server, containing medical records from 2019 to 2025, was encrypted and partially exfiltrated. While it is unclear whether a ransom was paid or how the breach occurred, Neurological Associates is offering 12 months of free credit monitoring to affected individuals.

DragonForce, a ransomware-as-a-service (RaaS) operation active since December 2023, has been linked to 51 confirmed attacks, exposing over 7.6 million records. The group frequently targets healthcare providers, with 10 confirmed breaches in the sector, including a December 2024 attack on Asheville Eye Associates that affected nearly 205,000 people. Around the same time as the Neurological Associates incident, DragonForce also claimed an attack on Centro Médico Palafox in Spain.

The breach is part of a broader surge in ransomware attacks on U.S. healthcare providers, with 111 confirmed incidents in 2025 compromising the data of 8.9 million individuals. Recent attacks include:

• Alpine Ear, Nose, & Throat (CO) – 65,648 records exposed (December 2024, BianLian group)
• Spindletop Center (TX) – Rhysida demanded $1.65 million (September 2025)
• MACT Health Board (CA) – Rhysida demanded $661,000 (November 2025)
• Center for Life Resources (TX) – Sinobi claimed responsibility (November 2025)

Such attacks disrupt critical systems, forcing healthcare facilities to cancel appointments, divert patients, or revert to manual record-keeping while facing financial and operational fallout.

Source: https://www.comparitech.com/news/seattle-area-neurologist-warns-13500-people-of-data-breach-that-leaked-ssns-medical-info/

Asheville Eye Associates TPRM report: https://www.rankiteo.com/company/asheville-neurology-specialists

Neurological Associates of Washington TPRM report: https://www.rankiteo.com/company/neurological-associates-of-washington

"id": "ashneu1770119606",
"linkid": "asheville-neurology-specialists, neurological-associates-of-washington",
"type": "Ransomware",
"date": "12/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': '13,500',
                        'industry': 'Healthcare',
                        'location': 'Kirkland, Washington, USA',
                        'name': 'Neurological Associates of Washington',
                        'type': 'Healthcare Provider'}],
 'customer_advisories': '12 months of free credit monitoring offered to '
                        'affected individuals',
 'data_breach': {'data_encryption': 'Yes',
                 'data_exfiltration': 'Yes',
                 'number_of_records_exposed': '13,500',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Names',
                                              'Social Security numbers',
                                              'Medical diagnoses',
                                              'Disability codes',
                                              'Dates of birth',
                                              'Addresses']},
 'date_detected': '2025-12',
 'date_publicly_disclosed': '2025-12-27',
 'description': 'Neurological Associates of Washington, a neurology clinic in '
                'Kirkland, Washington, confirmed a December 2025 data breach '
                'affecting 13,500 state residents. The cybercriminal group '
                'DragonForce claimed responsibility for the attack on December '
                '27, 2025, alleging it stole 1.4 TB of data, including names, '
                'Social Security numbers, medical diagnoses, disability codes, '
                'dates of birth, and addresses. The group posted sample '
                'documents to verify its claims, though the authenticity of '
                'the stolen data remains unverified. The clinic disclosed that '
                'its server, containing medical records from 2019 to 2025, was '
                'encrypted and partially exfiltrated. While it is unclear '
                'whether a ransom was paid or how the breach occurred, '
                'Neurological Associates is offering 12 months of free credit '
                'monitoring to affected individuals.',
 'impact': {'brand_reputation_impact': 'Yes',
            'data_compromised': '1.4 TB',
            'identity_theft_risk': 'Yes',
            'operational_impact': 'Disruption of services, potential '
                                  'cancellation of appointments or diversion '
                                  'of patients',
            'systems_affected': 'Server containing medical records'},
 'investigation_status': 'Ongoing',
 'motivation': 'Financial gain',
 'ransomware': {'data_encryption': 'Yes',
                'data_exfiltration': 'Yes',
                'ransomware_strain': 'DragonForce'},
 'references': [{'source': 'Cyber Incident Description'}],
 'response': {'communication_strategy': 'Offering 12 months of free credit '
                                        'monitoring to affected individuals'},
 'threat_actor': 'DragonForce',
 'title': 'DragonForce Ransomware Gang Strikes Neurological Associates of '
          'Washington, Exposing 13,500 Patients’ Data',
 'type': 'Ransomware'}