Neurological Associates of Washington near Seattle this week confirmed it notified 13,500 state residents of a December 2025 data breach that compromised the following info:
- Names
- Social Security numbers
- Diagnoses
- Disability codes
- Medical info
- Dates of birth
- Addresses
- Other types of information
A cybercriminal group called DragonForce took credit for the attack on December 27, 2025, saying it stole 1.4 TB of data from the clinic. To prove its claim, DragonForce posted sample images of what it says are documents stolen from Neurological Associates of Washington.
Neurological Associates of Washington cited DragonForce as the attacker, but Comparitech cannot verify the authenticity of the allegedly stolen data. We do not know if Neurological Associates of Washington paid a ransom, how much DragonForce demanded, or how attackers breached the clinic’s network. Comparitech contacted Neurological Associates of Washington for comment and will update this article if it replies.
“Our facilities server that stored medical records from 2019-2025 was attacked and encrypted. We discovered some of the data one of our computers was stolen,” says the clinic’s notice to victims.
Neurological Associates of Washington is offering eligible data breach victims 12 months of free credit monitoring.
Who is DragonForce?
DragonForce is a ransomware gang that first started claiming responsibility for attacks on its leak site in December 2023. It operates a ransomware-as-a-service business in which customers pay to use DragonForce’s malware and infrastructure to launch attacks and collect ransoms. DragonForce often extorts victims both to unlock infected systems and to destroy stolen data.
DragonForce has claimed responsibility for 51 confirmed ransomware attacks since it began, plus 211 unconfirmed attack claims that haven’t been publicly acknowledged by the targeted organizations. The confirmed attacks breached more than 7.6 people’s personal records.
10 of DragonForce’s confirmed victims were healthcare providers like Neurological Associates of Washington. Around the same time as that attack, DragonForce also hacked Centro Médico Palafox in Spain. And the group’s largest such attack hit Asheville Eye Associates in December 2024, which later notified 204,984 people.
Ransomware attacks on US healthcare
Comparitech researchers logged 111 confirmed ransomware attacks on US hospitals, clincis, and other healthcare providers in 2025. Those attacks compromised the personal information of more than 8.9 million people.
Other such recently confirmed attacks include:
- Alpine Ear, Nose, & Throat (CO) notified 65,648 people of a December 2024 data breach claimed by the BianLian ransomware group
- Spindletop Center (TX) reported a September 2025 data breach for which Rhysida demanded $1.65 million
- MACT Health Board (CA) reported a November 2025 data breach for which Rhysida demanded $661,000.
- Center for Life Resources (TX) reported a November 2025 data breach claimed by Sinobi
Ransomware attacks on US hospitals, clinics, and other care providers can steal data and lock down infected computer systems. They can cripple critical systems and endanger the health, privacy, and security of patients. Infected hospitals and clinics must pay a ransom or face extended downtime, data loss, and putting patients and staff at increased risk. Hospitals and clinics might resort to pen and paper, cancel appointments, and divert patients elsewhere until systems are restored.
About Neurological Associates of Washington
Neurological Associates of Washington is a neurologist clinic located in the Seattle suburb of Kirkland, Washington.
