New Hampshire nonprofit federally qualified health center (FQHC) providing primary, dental, and behavioral-health care.
Coos County Family Health Services, a New Hampshire federally qualified health center, detected suspicious activity on July 9, 2025 and confirmed on August 12, 2025 that an unauthorized actor may have accessed or copied files containing PII and PHI. The RunSomeWarez ransomware group claimed responsibility on August 13, 2025. The incident affected 40,185 individuals (35,609 in NH, 1,222 in ME, 365 in MA). Exposed data included names, dates of birth, contact information, Social Security numbers, medical identification numbers, and medical information. It was disclosed to HHS on September 5, 2025; notifications began October 8, 2025.
ObscureIQ assessment: Severe risk. Exposure enables identity theft, medical fraud, insurance abuse, and targeted scams exploiting health conditions or care relationships.
As a community health center serving a largely rural, underserved population, the exposure of Social Security numbers, dates of birth, medical identification numbers, and medical information creates serious identity-theft and medical-fraud risk for patients who may have fewer resources to respond. The breach affected 40,185 individuals across New Hampshire, Maine, and Massachusetts.
Coos County Family Health Services is a New Hampshire nonprofit federally qualified health center (FQHC) providing primary care, dental, behavioral-health, and community health services to the rural Coos County region and surrounding areas. It maintains patient identity, insurance, billing, and clinical records, often serving underserved populations.
Community healthcare providers collect patient identity, contact, insurance, billing, and clinical records tied to primary and regional care delivery.
Coos County Family Health Services detected suspicious network activity on July 9, 2025; a review completed August 12, 2025 confirmed PII and PHI were involved. The RunSomeWarez ransomware group claimed the attack on August 13, 2025. The breach was disclosed to HHS on September 5, 2025, and notifications to 40,185 individuals began October 8, 2025, with TransUnion/Cyberscout monitoring offered. Reporting indicated this followed a prior ransomware incident; class-action investigations followed.
Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.
Attribution and method are based on available breach intelligence. Reported attack vector: Ransomware / Extortion.
If you believe your information may be included:
Coos County Family Health Services, a New Hampshire federally qualified health center, detected suspicious activity on July 9, 2025 and confirmed on August 12, 2025 that an unauthorized actor may have accessed or copied files containing PII and PHI. The RunSomeWarez ransomware group claimed…
Verified fields include Date of Birth, Email Address, Full Name, Medical Diagnosis, Medical Record Number, Phone Number, Physical Address, Social Security Number.
Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.
Every claim on this page is traceable. This breach draws on:
Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.
Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.
Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.
Request Consultation