OB-GYN Associates, a women’s health clinic in Reno, NV, yesterday confirmed it notified 62,238 people of an August 2025 data breach that compromised patients’ names, Social Security numbers, driver’s license numbers, medical info, bank account numbers, and routing numbers.
In a post on its data leak site, ransomware gang Inc took credit for the breach on August 27, 2025.
OB-GYN Associates has not verified Inc’s claim. We do not know if OB-GYN Associates paid a ransom, how much Inc demanded, or how attackers breached the company’s network. Comparitech contacted OB-GYN Associates for comment and will update this article if it replies.
“On or about August 7, 2025, we detected a network security incident, in which an unauthorized third-party accessed our network environment,” says OB-GYN Associates’ notice to victims. “Our investigation, which was completed on September 29, 2025, subsequently determined that an unauthorized third party acquired certain individual personal information during this incident.”
Another notice (PDF) posted by the California attorney general confirmed some of the data belonged to minors.
In an August 7 Facebook post, OB-GYN Associates announced that its phones and computers were down.
The company is offering eligible victims 12 months of free credit monitoring through TransUnion. The deadline to enroll is 90 days from receipt of the notice letter in the mail.
Who is Inc?
Inc is a ransomware group that emerged in July 2023 and targets a wide range of victims in healthcare, education, and government. Its methods involve spear phishing and exploiting known vulnerabilities in software. Once infected, Inc’s malware both steals data and locks down computer systems until a ransom is paid to unlock them.
Inc has claimed responsibility for 129 confirmed ransomware attacks since it began, plus 363 unconfirmed attack claims. 49 of its confirmed attacks hit healthcare providers, and 15 of those occurred this year.
OB-GYN Associates is Inc’s second-largest data breach on a healthcare provider this year. The largest was an attack in May on The Vascular Experts in Connecticut, which notified 154,417 people.
Ransomware attacks on US healthcare
In 2025 to date, Comparitech researchers have logged 71 confirmed ransomware attacks on US hospitals, clinics, and other direct care providers. Those attacks compromised 7.6 million records in total.
Earlier this week, Family Health West in Colorado confirmed it was hit by a ransomware attack claimed by the Devman group, who demanded $700,000 in ransom.
Ransomware attacks on US hospitals, clinics, and other care providers can steal data and lock down infected computer systems. They can cripple critical systems and endanger the health, privacy, and security of patients. Infected hospitals and clinics must pay a ransom or face extended downtime, data loss, and putting patients and staff at increased risk. Hospitals and clinics might resort to pen and paper, cancel appointments, and divert patients elsewhere until systems are restored.
About OB-GYN Associates
OB-GYN Associates is a women’s health clinic in Reno, Nevada.
