North Country HealthCare is a federally qualified community health center that provides comprehensive medical services in 14 locations in 11 communities throughout Northern Arizona. Their services include family medicine, pediatrics, obstetrics and gynecology, dental care, behavioral health services, telemedicine, health screenings, and more. An April 2022 article about them reported that North Country served 55,000 patients annually.
The threat actors known as “Stormous” claim to have exfiltrated data on 600,000 patients. They also claim that they will be leaking 100,000 patients’ records and selling the other 500,000. As of publication there is one day left on a countdown clock.
As proof of claims, Stormous leaked what they claimed are 11,684 records with patients’ name, clinic name, provider ID number, appointment date, address, type of health insurance, ICD-10 Code, treatment, date of birth, gender, contact, medical history, race/ethnicity, and insurance policy number.
Attempts to verify the data in the sample failed pretty spectacularly.
For many records, the gender was incorrect for the patient name, and for many records, DataBreaches could find no person with that name in the area of Arizona listed as the address. Although people may move away over the years, the dates of service were in 2022 and 2023, and one would expect that at least some people still resided at the same address or in the same area. But not only could the people not be found at the addresses listed or in that area, but many of the addresses could not be found at all during attempts to search for the addresses. A check of some of the phone numbers revealed area codes that were in Missouri, Washington State, and Jamaica — nowhere near the addresses listed.
DataBreaches emailed North Country HealthCare to inquire about the claimed breach and reached out to Stormous on Tox.
No replies were received by publication, but this post will be updated if more information becomes available. For now, DataBreaches is treating this claimed breach as a likely fake.