Coos County Family Health Services, a New Hampshire-based healthcare provider, suffered a ransomware attack in July 2025 in which an unauthorized actor infiltrated its internal network and exfiltrated sensitive patient data. The breach exposed personally identifiable information (PII) and protected health information (PHI), including names, dates of birth, contact details, Social Security numbers, medical IDs, and clinical records, of 40,185 current and former patients. The Run Some Wares ransomware group claimed responsibility, posting stolen data on a dark web forum. The incident triggered regulatory disclosures to the U.S. Department of Health and Human Services, as well as notifications to affected individuals in New Hampshire, Maine (1,222 residents), and Massachusetts (365 residents). The organization responded by securing its systems, engaging law enforcement, and offering 12 months of free credit monitoring and identity protection services to victims. The breach poses risks of identity theft, financial fraud, and targeted phishing attacks that leverage the exposed health and personal data.
Source: https://www.claimdepot.com/data-breach/coos-county-family-health-services-2025
TPRM report: https://www.rankiteo.com/company/cooscountyfamilyhealthservices
{
  "id": "coo2692626101025",
  "linkid": "cooscountyfamilyhealthservices",
  "type": "Ransomware",
  "date": "7/2025",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization's existence"
}
{'affected_entities': [{'customers_affected': 40185,
'industry': 'Healthcare',
'location': 'New Hampshire, USA',
'name': 'Coos County Family Health Services',
'type': 'Healthcare Provider'},
{'customers_affected': 1222,
'location': 'Maine, USA',
'name': 'Patients in Maine',
'type': 'Individuals'},
{'customers_affected': 365,
'location': 'Massachusetts, USA',
'name': 'Patients in Massachusetts',
'type': 'Individuals'}],
'customer_advisories': ['Notification letters mailed to affected individuals '
'(Oct. 8, 2025)',
'Notice of Privacy Incident published on website',
'Offer of 12 months of free TransUnion Cyberscout '
'credit monitoring and identity protection services'],
'data_breach': {'data_exfiltration': "Likely (claimed by 'Run Some Wares' on "
'dark web)',
'number_of_records_exposed': 40185,
'personally_identifiable_information': True,
'sensitivity_of_data': 'High (includes PII and PHI)',
'type_of_data_compromised': ['Names',
'Dates of birth',
'Contact information',
'Social Security numbers',
'Medical identification numbers',
'Medical information']},
'date_detected': '2025-07-09',
'date_publicly_disclosed': '2025-10-08',
'description': 'Coos County Family Health Services, a healthcare provider in '
'New Hampshire, experienced a cyberattack that impacted 40,185 '
'current and former patients. An unauthorized actor gained '
'access to systems and may have viewed or copied sensitive '
"data, including PII and PHI. The ransomware group 'Run Some "
"Wares' claimed responsibility for the attack.",
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'exposure of sensitive patient data',
'data_compromised': ['Personally Identifiable Information (PII)',
'Protected Health Information (PHI)'],
'identity_theft_risk': 'High (due to exposure of SSNs, medical '
'IDs, and other sensitive data)',
'systems_affected': ['Internal network systems']},
'initial_access_broker': {'data_sold_on_dark_web': "Claimed by 'Run Some "
"Wares' (Aug. 13, 2025)",
'high_value_targets': ['Patient PII and PHI']},
'investigation_status': 'Completed (as of Aug. 12, 2025 review)',
'ransomware': {'data_exfiltration': "Claimed by 'Run Some Wares'"},
'recommendations': ['Sign up for free credit monitoring and identity '
'protection services (TransUnion Cyberscout).',
'Monitor credit reports and financial accounts for '
'unusual activity.',
'Be alert for phishing emails or calls using exposed '
'information.',
'Consider placing a fraud alert or credit freeze with '
'major credit bureaus.'],
'references': [{'source': 'Coos County Family Health Services - Notice of '
'Privacy Incident'},
{'date_accessed': '2025-08-13',
'source': "Dark web forum post by 'Run Some Wares' (Tor "
'network)'},
{'date_accessed': '2025-09-05',
'source': 'U.S. Department of Health and Human Services '
'breach report'},
{'date_accessed': '2025-10-09',
'source': 'Maine Attorney General’s office report'},
{'date_accessed': '2025-10-09',
'source': 'Massachusetts Attorney General’s office report'}],
'regulatory_compliance': {'regulations_violated': ['HIPAA (likely, due to PHI '
'exposure)'],
'regulatory_notifications': ['U.S. Department of '
'Health and Human '
'Services (Sept. 5, '
'2025)',
'Maine Attorney '
'General’s office '
'(Oct. 9, 2025)',
'Massachusetts '
'Attorney General’s '
'office (Oct. 9, '
'2025)']},
'response': {'communication_strategy': ['Notified impacted individuals by '
'mail (Oct. 8, 2025)',
'Published a Notice of Privacy '
'Incident on its website',
'Reported to U.S. Department of '
'Health and Human Services (Sept. 5, '
'2025)',
'Reported to Maine and Massachusetts '
'Attorney General’s offices (Oct. 9, '
'2025)'],
'containment_measures': 'Secured its systems post-breach '
'detection',
'incident_response_plan_activated': True,
'law_enforcement_notified': True},
'threat_actor': 'Run Some Wares',
'title': 'Cyberattack on Coos County Family Health Services',
'type': ['Data Breach', 'Ransomware Attack']}