TriCity Family Services Hit by INC RANSOM Ransomware Attack, Exposing Sensitive Data of 2,511 Individuals
TriCity Family Services, a healthcare provider, suffered a ransomware attack attributed to the INC RANSOM group, resulting in the exposure of personally identifiable information (PII) and protected health information (PHI) for 2,511 individuals. The threat actors claimed to have stolen 22 GB of data during the breach, which occurred between November 11, 2024, and May 14, 2025.
The unauthorized access was discovered in spring 2025, prompting the organization to secure its systems and launch an investigation with a third-party cybersecurity forensics firm. While electronic medical records remained unaffected, the compromised data included names, dates of birth, treatment details, provider names, and intake information.
TriCity Family Services reported the breach to the U.S. Department of Health and Human Services on December 8, 2025, and published a formal notice on its website. The organization has since updated its data security policies and established a dedicated call center (888-360-9994) for affected individuals to assist with credit monitoring and fraud prevention.
The exposed data could be exploited for identity theft, targeted scams, or other malicious activities, underscoring the risks of ransomware attacks on healthcare providers.
Source: https://www.claimdepot.com/data-breach/tricity-family-services-2026
TriCity Family Services (TCFS) cybersecurity rating report: https://www.rankiteo.com/company/tricity-family-services-tcfs
"id": "TRI1769096001",
"linkid": "tricity-family-services-tcfs",
"type": "Ransomware",
"date": "11/2024",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '2,511 individuals',
'industry': 'Healthcare',
'name': 'TriCity Family Services',
'type': 'Healthcare Provider'}],
'customer_advisories': 'Established a dedicated call center (888-360-9994) '
'for affected individuals to assist with credit '
'monitoring and fraud prevention',
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': '2,511 individuals',
'personally_identifiable_information': ['Names',
'Dates of birth',
'Treatment details',
'Provider names',
'Intake information'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)']},
'date_detected': '2025-03-01',
'date_publicly_disclosed': '2025-12-08',
'description': 'TriCity Family Services, a healthcare provider, suffered a '
'ransomware attack attributed to the INC RANSOM group, '
'resulting in the exposure of personally identifiable '
'information (PII) and protected health information (PHI) for '
'2,511 individuals. The threat actors claimed to have stolen '
'22 GB of data during the breach, which occurred between '
'November 11, 2024, and May 14, 2025. The unauthorized access '
'was discovered in spring 2025, prompting the organization to '
'secure its systems and launch an investigation with a '
'third-party cybersecurity forensics firm. While electronic '
'medical records remained unaffected, the compromised data '
'included names, dates of birth, treatment details, provider '
'names, and intake information.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'data exposure',
'data_compromised': '22 GB',
'identity_theft_risk': 'High',
'operational_impact': 'Updated data security policies, established '
'a dedicated call center for affected '
'individuals'},
'investigation_status': 'Ongoing',
'motivation': 'Financial gain, data exfiltration',
'post_incident_analysis': {'corrective_actions': 'Updated data security '
'policies'},
'ransomware': {'data_exfiltration': 'Yes', 'ransomware_strain': 'INC RANSOM'},
'recommendations': 'Enhanced data security policies, credit monitoring and '
'fraud prevention for affected individuals',
'references': [{'source': 'TriCity Family Services Notice'}],
'regulatory_compliance': {'regulations_violated': ['HIPAA'],
'regulatory_notifications': 'Reported to the U.S. '
'Department of Health '
'and Human Services on '
'December 8, 2025'},
'response': {'communication_strategy': 'Published a formal notice on its '
'website, established a dedicated call '
'center (888-360-9994)',
'containment_measures': 'Secured systems',
'incident_response_plan_activated': 'Yes',
'remediation_measures': 'Updated data security policies',
'third_party_assistance': 'Third-party cybersecurity forensics '
'firm'},
'threat_actor': 'INC RANSOM',
'title': 'TriCity Family Services Hit by INC RANSOM Ransomware Attack',
'type': 'Ransomware'}