INC Ransom ransomware gang breaches Virginia mental health provider Mount Rogers Community Services
Learn More
Mount Rogers Community Services, a Virginia-based health services provider has fallen victim to a ransomware attack by the INC Ransom gang, resulting in the exposure of sensitive personal and organizational data.
Mount Rogers Community Services provides mental health, developmental disability, and substance use services to residents in Southwest Virginia. The organization serves vulnerable populations who rely on confidential healthcare services.
The attack was reported on June 10, 2025. Exposed data includes:
- Names of individuals (patients and employees)
- Residential addresses
- Personal email addresses
- Internal messages and communications
- Employee salary information
- Financial invoices and billing records
- Confidentiality agreements and legal documents
The number of affected individuals has not been disclosed. The organization has not yet released an official public statement regarding the breach or provided details about the scope of the compromise.
Mount Rogers Community Services will likely face regulatory scrutiny and potential enforcement actions related to this data breach. As a healthcare provider, the organization is subject to HIPAA privacy and security requirements, and the exposure of patient information could result in investigations by the Department of Health and Human Services Office for Civil Rights. Additionally, under Virginia state law, the organization is required to notify the state Attorney General and affected individuals of the data breach without unreasonable delay.
