Ransomware gang Devman today took credit for a cyber attack on Family Health West, a hospital and network of medical clinics in Colorado.
Family Health West yesterday said a cyber attack shut down all of its electronic systems, but that there was no evidence of encryption or data loss at the time.
In a post on the ransomware group’s data leak site, Devman said it stole 120 GB of data from Family Health West and demanded a $700,000 ransom. If its demand isn’t met in four days, Devman threatens to publicly release the allegedly stolen data.
Family Health West has not verified Devman’s claim. We do not know what data was compromised, if Family Health West did or will pay a ransom, or how attackers breached FHW’s network. Comparitech contacted Family Health West for comment and will update this article if it replies.
“Family Health West (FHW) is actively responding to a recent cybersecurity event that was swiftly detected and contained by its IT and Informatics teams. At this time, there is no evidence that any patient or employee data has been lost or encrypted, and all attempts appear to have been successfully blocked,” FHW says in its October 29, 2025 Facebook post.
“As a precautionary measure, all systems are being brought back online methodically after being verified as malware-free.”
Who is Devman?
Devman is a ransomware group that started taking credit for attacks on its data leak site in April 2025. Evidence suggests its roots go further back, however, with ties to earlier ransomware groups like Conti, Black Basta, and DragonForce. Devman operates a ransomware-as-a-service business in which third-party affiliates pay to use Devman’s malware and infrastructure to launch attacks and collect ransoms.
Devman has claimed responsibility for attacks on 41 organizations in total, six of which publicly confirmed attacks that correlate with those claims. Its average ransom demand is $4.4 million.
The Family Health West attack is Devman’s first on a healthcare company and its first on a target in the US. Its other confirmed targets include three government entities (National Social Security Fund of Kenya, Ayuntamiento de NÃjar in Spain, and the Ministry of Labour in Thailand), one manufacturer (Elematec Corporation in Japan), and a news outlet in the Philippines (GMA News and Public Affairs).
Ransomware attacks on US healthcare
In 2025 to date, Comparitech researchers have logged 71 confirmed ransomware attacks on US hospitals, clinics, and other direct care providers. Those attacks compromised more than 7.5 million records.
Other recent such attacks include:
- River City Eye Care reported a September 2025 data breach claimed by Genesis
- Ever Care Corporation (d/b/a Right at Home) notified 882 people of a September 2025 data breach claimed by Shinobi
- Heartland Health Center reported a February 2025 data breach for which Medusa demanded a $180,000 ransom
- Sedgebrook Senior Living reported a May 2025 data breach claimed by SafePay
- Mission City Community Network reported a June 2025 data breach claimed by SafePay
Another 160 unconfirmed attack claims made by ransomware gangs haven’t been confirmed by the targeted providers.
Ransomware attacks on US hospitals, clinics, and other care providers can steal data and lock down infected computer systems. They can cripple critical systems and endanger the health, privacy, and security of patients. Infected hospitals and clinics must pay a ransom or face extended downtime, data loss, and putting patients and staff at increased risk. Hospitals and clinics might resort to pen and paper, cancel appointments, and divert patients elsewhere until systems are restored.
About Family Health West
Family Health West consists of a 25-bed hospital, emergency room, and network of specialty clinics in the Grand Valley area of Mesa County, Colorado.
