Healthcare / Community Health Center / Consumer
Community health center serving Idaho and eastern Oregon.
The Breach Risk Index (BRI) is a proprietary 0–100 score rating how dangerous a breach is right now, based on how recently the data has been circulating on the dark web and how valuable it is to attackers.
In March 2026, the Insomnia data-theft group claimed a breach of Valley Family Health Care, threatening to leak stolen data. The exposed tranche included patient charts, insurance information, government IDs, dates of birth, Social Security numbers and other PHI; investigators could not confirm the exact record count.
Full threat analysis, exploitation vectors, and principal guidance below.
10 additional sections · verified field analysis · defensive doctrine
1.9M rows records analyzed
Valley Family Health Care is a US community health center with locations in Idaho and Oregon, providing medical, dental, women's health and behavioral-health services to largely rural and underserved patients.
A community health center holds patient identity and contact data, dates of birth, Social Security numbers, government IDs, insurance information and clinical records including behavioral-health data (PHI).
Valley Family Health Care disclosed a difficult early 2026 with two incidents; the Insomnia data-theft group claimed one in March 2026, and a separate third-party vendor breach was also notified.
As a HIPAA-covered community provider, the breach carries OCR notification and litigation exposure and acute trust concerns for a rural patient base, compounded by a separate vendor incident the same quarter.
A healthcare-linked breach: exposure ties a named individual to a provider relationship and, where clinical or insurance data is present, to conditions and treatment. For a high-profile principal this is targeting-grade, not merely identity-theft-grade: the combination lets an adversary locate, impersonate, or pressure the principal with little additional work.
Motivation: Financial extortion
A data-theft-and-extortion group that emerged October 2025 focused on stealing files (patient records, drivers licenses, tax forms) and threatening exposure rather than encrypting; over half its early victims are US healthcare organizations.
Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.
Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.
Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.
Request Consultation