Neurological Associates of Washington, an independent neurology practice based in Kirkland, Washington, suffered a ransomware attack on December 27, 2025 that encrypted a server containing medical records from 2019 to 2025. The clinic discovered the incident on December 28, 2025. The DragonForce ransomware-as-a-service group claimed responsibility by listing the clinic on its dark-web leak site and asserting it had exfiltrated approximately 1.4 terabytes of data. DragonForce posted sample document images to substantiate its claim. The clinic publicly disclosed the incident to the Washington Attorney General on January 23, 2026 and began mailing notification letters to affected individuals on January 22, 2026.

The breach affected approximately 13,500 Washington state residents per the formal Washington Attorney General notification. Compromised fields included names, addresses, dates of birth, Social Security numbers, health insurance policy or identification numbers, and medical information including diagnoses and disability codes. The DragonForce dataset reportedly contains the full 2019 to 2025 medical records archive, with approximately 1.4 terabytes of data including clinical documents and patient records. New patients added to the practice during 2025 are unlikely to have been affected because the practice had migrated to a cloud-based records system before the attack.

For affected patients, the practical risk profile is unusually severe and durable because of the combination of identity-fraud exposure with neurology-specific sensitivity. The combination of name, date of birth, address, and Social Security number is a strong base for synthetic identity fraud and fraudulent credit applications. Inclusion in the dataset confirms a neurology care relationship and the presence of a neurological diagnosis or disability code, which is itself unusually sensitive health information. Patients with documented disability codes face additional risk of disability-benefits fraud and discrimination-themed scams. Affected patients should accept the twelve months of identity-protection services offered by the practice, freeze credit at all three U.S. bureaus, monitor health-insurance and Social Security disability statements, and treat unsolicited contact referencing neurological care, disability claims, or insurance verification with caution.

Neurology practices collect highly sensitive patient identity, contact, insurance, billing, appointment, and treatment records tied to neurological and specialty medical care.

Neurological Associates of Washington discovered a ransomware attack on December 28, 2025, the day after the intrusion occurred on December 27, 2025. The DragonForce ransomware-as-a-service group, an active threat actor since December 2023, claimed responsibility by listing the clinic on its dark-web leak site and asserting it had exfiltrated approximately 1.4 terabytes of data, posting sample document images as proof. The practice migrated its electronic health records to a cloud-based platform and isolated prior records on a computer with no internet access. Neurological Associates of Washington filed reports with the FBI, HHS, and the Washington Attorney General on January 23, 2026, and began mailing notification letters to affected individuals on January 22, 2026. The practice is offering twelve months of complimentary credit monitoring and identity protection services. Class-action investigations by U.S. plaintiff law firms began in early February 2026.