A ransomware attack on a New Hampshire healthcare provider has compromised sensitive data from tens of thousands of patients.
Coos County Family Health Services, based in New Hampshire, confirmed a cyberattack that exposed the personal and medical data of 40,185 current and former patients. Suspicious activity was first detected on July 9, 2025, prompting an internal investigation. The review concluded that an unauthorized party had accessed internal systems and potentially viewed or copied sensitive patient records.
The exposed information includes names, dates of birth, contact information, Social Security numbers, medical identification numbers, and other protected health data. By August 12, it was confirmed that both personally identifiable information (PII) and protected health information (PHI) had been compromised.
The following day, on August 13, a ransomware group identifying itself as Run Some Wares publicly claimed responsibility on a dark web forum hosted on the Tor network. While Coos County did not confirm the group's involvement, the timeline and nature of the attack support the claim.
The breach was officially reported to the U.S. Department of Health and Human Services on September 5. On October 8, Coos County began notifying affected patients via mail and published a Notice of Privacy Incident on its website. The breach also impacted individuals outside New Hampshire: 1,222 in Maine and 365 in Massachusetts, prompting formal reporting to both states’ Attorneys General on October 9.
Coos County Family Health Services stated that it had secured its network, notified law enforcement, and taken steps to prevent further access. Affected patients are being offered 12 months of free single-bureau credit monitoring and identity protection services through TransUnion Cyberscout.
According to Paubox’s 2025 Healthcare Email Security Report, ransomware attacks in healthcare have surged by 264% since 2018, driving breach costs to an average of $11 million, the highest of any industry. The attack on Coos County Family Health Services, which exposed data from more than 40,000 patients, reflects how ransomware has become one of the most damaging and costly threats facing healthcare organizations today.
Healthcare providers store a combination of valuable personal and medical data, which makes their systems especially lucrative for attackers seeking ransom or intending to sell the data on illicit markets.
The Tor network is commonly used by ransomware groups to anonymously publish data breach claims, leak stolen data, and communicate ransom demands without revealing their location or identity.
Single-bureau credit monitoring refers to credit monitoring services provided through only one of the three major U.S. credit bureaus (TransUnion, Experian, or Equifax). It monitors for signs of identity theft or fraudulent activity in credit reports.
Each state has its own data breach notification laws. When a state's residents are affected, companies are legally required to notify that state's Attorney General.
Impacted individuals should enroll in the offered credit monitoring service, review financial and medical records regularly for unusual activity, and consider placing a fraud alert or credit freeze with the credit bureaus.