DataBreaches.Net

North Country Healthcare responds to Stormous’s claims of a breach

Posted on July 17, 2025 (updated July 18, 2025) by Dissent

On July 13, DataBreaches reported that the Stormous gang claimed to have exfiltrated 600,000 patients’ records from North Country Healthcare (NCH) in Arizona. At the time they provided a small sample of records in .csv format and indicated that they were going to leak 100,000 records for free and sell the other 500,000 records.

Because DataBreaches was unable to verify that the patient data was real, Stormous responded to this site’s inquiry by providing this site with the 500,000 records database as well as a screenshot allegedly proving access to their system. The larger data sample had the same problems as the smaller sample. DataBreaches could not find people with those names in Arizona, the patient addresses didn’t exist when DataBreaches went to check them, the gender of half of the patients was listed incorrectly (i.e., half of the rows with female names were identified as “male,” and half of the rows with male names were identified as “female”), and the contact phone numbers were … screwy, with some area codes not even U.S. area codes.

Stormous later revised their listing to give away the 500,000 records and to claim they would be selling 100,000. They never addressed this site’s reporting that their data wasn’t validated.

Today, NCH sent DataBreaches this statement:

North Country HealthCare is aware of a claim made by a ransomware group on the dark web alleging unauthorized access to patient data. We take any such claim seriously and immediately launched an internal investigation.

At this time, we have found no evidence of a data breach or unauthorized access to our systems. Independent cybersecurity experts have reviewed the data posted and found it to be inconsistent, unverifiable, and likely fabricated.

We are continuing to monitor the situation closely and are working with cybersecurity professionals and law enforcement to ensure the safety and security of our systems and patient information.

We remain committed to transparency and will provide updates if new information becomes available. If you have questions or concerns, please contact us at info@nchcaz[.]org.

So NCH is finding that the data are unverifiable and likely fabricated. That matches what DataBreaches has been reporting all along. But as to the access to their network, they find no unauthorized access while a screenshot provided to DataBreaches might suggest otherwise. DataBreaches does not know whether Stormous or any other threat actor(s) ever sent NCH the screenshot as proof.


Category: Breach Incidents, Commentaries and Analyses, Hack, Health Data
