Coös County Family Health Services (CCFHS), a New Hampshire-based community healthcare provider, suffered a ransomware attack in July 2025, confirmed by the Run Some Wares group in August. The breach exposed 40,185 individuals' sensitive data, including names, dates of birth, contact details, Social Security numbers, medical IDs, and medical records. The attack began with suspicious activity on July 9, 2025, leading to unauthorized server access, where data was potentially viewed or copied. The incident follows a previous ransomware attack in September 2021, highlighting recurring vulnerabilities. While CCFHS has not officially confirmed the ransomware claim, it is offering 12 months of free credit monitoring to affected individuals. The breach aligns with a broader trend of rising ransomware attacks on US healthcare, with 6.2 million records compromised across 63 confirmed incidents in 2025 alone. The attack disrupted operations, risked patient privacy, and reinforced the sector’s susceptibility to data theft and system encryption by cybercriminal groups.
TPRM report: https://www.rankiteo.com/company/cooscountyfamilyhealthservices
"id": "coo0492404101025",
"linkid": "cooscountyfamilyhealthservices",
"type": "Ransomware",
"date": "9/2021",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': 40185,
'industry': 'Healthcare',
'location': 'Berlin, New Hampshire, USA',
'name': 'Coös County Family Health Services (CCFHS)',
'type': 'Non-profit Healthcare Provider'}],
'customer_advisories': ['12 months of free credit monitoring via TransUnion'],
'data_breach': {'data_exfiltration': 'Possible (unconfirmed if data was '
'copied)',
'number_of_records_exposed': 40185,
'personally_identifiable_information': True,
'sensitivity_of_data': 'High (PII and PHI)',
'type_of_data_compromised': ['Names',
'Dates of birth',
'Contact information',
'Social Security numbers (SSNs)',
'Medical identification numbers',
'Medical information']},
'date_detected': '2025-07-09',
'description': 'Overnight, Coös County Family Health Services confirmed '
'40,185 people had their data breached following a cyber '
'attack in July 2025. Ransomware group Run Some Wares '
'claimed the attack in August 2025. The breach involved '
'unauthorized access to servers on July 9, 2025, during '
'which an unauthorized party may have viewed or copied '
'sensitive data, including names, dates of birth, contact '
'information, Social Security numbers, medical identification '
'numbers, and medical information. Coös County has not '
"confirmed the nature of the attack nor the ransomware group's "
'claim. Affected individuals are being offered 12 months of '
'free credit monitoring through TransUnion.',
'impact': {'brand_reputation_impact': 'High (healthcare data breach affecting '
'40,185 individuals)',
'data_compromised': True,
'identity_theft_risk': 'High (SSNs and medical data exposed)',
'systems_affected': ['Phone systems', 'Servers']},
'initial_access_broker': {'high_value_targets': ['Patient records',
'Medical data']},
'investigation_status': 'Ongoing (as of August 2025)',
'motivation': ['Financial Gain (presumed)', 'Data Theft (presumed)'],
'ransomware': {'data_exfiltration': 'Claimed by Run Some Wares (unconfirmed)'},
'references': [{'source': 'Comparitech'},
{'source': 'Coös County Public Notification'}],
'regulatory_compliance': {'regulations_violated': ['Potential HIPAA '
'violations '
'(unconfirmed)']},
'response': {'communication_strategy': ['Public notification of breach',
'Media statements'],
'containment_measures': ['Secured systems post-detection'],
'incident_response_plan_activated': True,
'remediation_measures': ['Offered 12 months of free credit '
'monitoring via TransUnion']},
'threat_actor': 'Run Some Wares (claimed, unconfirmed by Coös County)',
'title': 'Coös County Family Health Services Data Breach (July 2025)',
'type': ['Data Breach', 'Ransomware Attack (unconfirmed)']}