Mount Rogers Community Services Listed by Ransomware Group INC Ransom in Latest Healthcare Breach
Mount Rogers Community Services, a mental health provider based in Virginia, has been listed as a victim on the leak site of ransomware gang INC Ransom. The threat group claims to have stolen and published internal documents, potentially including personal details of staff and clients.
Ransomware operators commonly use stolen files to pressure victims into paying by threatening to leak data publicly. In this case, samples of the stolen data were published to the gang’s dark web site. According to the researchers, the exposed information appears to include:
- Names and physical addresses
- Salary details
- Invoices
- Personal email communications
- Internal messages
- Confidentiality agreements
While the stolen records may not contain direct medical histories or diagnostic information, the data still carries significant risk.
“Wages, invoices, and internal documents can be used in phishing attacks or social engineering attacks, potentially compromising the company’s systems,”
researchers said.
“This data leak can severely damage the company’s reputation and expose it to legal and financial consequences.”
What Mount Rogers Does and Why It Matters
Mount Rogers Community Services provides mental health, developmental disability, and substance use treatment services across Virginia. The organization handles sensitive support cases and is a critical lifeline for individuals with behavioral health needs.
The nature of the services means that even seemingly routine administrative data can be weaponized, particularly if used in impersonation or identity fraud attempts.
We have contacted Mount Rogers for comment and will update this article when a response is received.
Pattern of Ransomware Attacks on Mental Health Facilities
The breach is part of a broader pattern. In recent months, ransomware groups have increasingly focused on mental health providers.
- Earlier this year, the Community Counseling of Bristol County (CCBC) suffered a breach where threat actors took health information.
- More recently, attackers hit the Mental Health Association (MHA) in Georgia, compromising patient details including medical diagnoses and prescribed medications.
These incidents show a growing trend: threat actors are targeting vulnerable healthcare institutions—particularly those lacking enterprise-grade cybersecurity infrastructure.
Who Is Behind the Attack?
INC Ransom, the group claiming responsibility, has been active since July 2023. The gang has been linked to multiple high-profile attacks, including:
- Stark AeroSpace (U.S. defense contractor)
- San Francisco Ballet
- The City of Leicester, UK
- NHS Dumfries and Galloway Health Board, Scotland
- Xerox Corporation
According to Cybernews’ Ransomlooker monitoring tool, INC Ransom has compromised at least 163 organizations in the past year alone.
The breach at Mount Rogers is the latest addition to a growing list of ransomware victims in the healthcare and public service sectors.
