Coos County Family Health Services has reported a data breach. Meanwhile, threat actor Run Some Wares claims to have their data.
Coos County Family Health Services, based in Berlin, New Hampshire, recently announced they were the victim of a privacy incident.
The breach was first discovered on July 9th, 2025, when the organization observed suspicious activity in its servers and phone systems.
After an investigation, Coos County determined an unauthorized third party had accessed its systems and may have copied data.
Coos County stated that the impacted information varied by person, but may have included names, dates of birth, contact information, Social Security numbers, medical identification numbers and medical information.
Coos County reported the breach to the Department of Health and Human Services (HHS) on September 5th. However, at the time of the reporting, the healthcare provider stated that 501 individuals had been impacted. Organizations must report breaches that impact more than 500 people, and organizations generally use the number “501” as a placeholder while their investigation continues. It’s likely that Coos County is still finalizing the number of impacted individuals.
While it’s often unclear who has stolen data, in this case, ransomware organization Run Some Wares is claiming to have been responsible for the attack and added Coos County to their list of victims. As of now, no ransom appears to have been paid.
Ransomware attacks continue to pose a large risk to healthcare organizations. In fact, the HHS Office for Civil Rights (OCR) has found a dramatic increase in attacks over recent years, “Since 2018, ransomware attacks on healthcare organizations have surged by 264%.”
These attacks can directly impact patient safety. According to HHS Deputy Secretary Andrea Palm, “The increasing frequency and sophistication of cyberattacks in the health care sector pose a direct and significant threat to patient safety... These attacks endanger patients by exposing vulnerabilities in our health care system, degrading patient trust, disrupting patient care, diverting patients, and delaying medical procedures.”
It’s generally not a good idea for an organization to pay a ransom, as it can encourage the organization to be targeted again. Cybersecurity investigators and mediators will generally work with organizations to determine the best path forward following a ransomware attack.
It can be challenging to pin down a specific timeline for updating breach reports to the HHS. Coos County may still be investigating the incident. Investigations can take anywhere from a few months to up to a year, based on the complexity of the event.