Ransomware gang says it hacked Klickitat Valley Health, stole SSNs and PHI

Ransomware gang Kraken today claimed responsibility for a February 2025 data breach at Klickitat Valley Health in Washington. The breach compromised the following patient info:

• Names
• Social Security numbers
• Health insurance info
• Medical record numbers
• Patient account numbers
• Dates of birth
• Addresses
• Dates of service
• Physician names and departments
• Diagnoses
• Other treatment info

Klickitat Valley Health has not verified Kraken’s claim. The clinic acknowledged the breach in a notice to patients, but hasn’t disclosed how many people it notified. We do not yet know if the clinic paid a ransom, how much Kraken demanded, or how attackers breached its network. Comparitech contacted Klickitat Valley Health for comment and will update this article if it replies.

“On February 23, 2025, KVH identified unusual activity affecting our IT systems,” says the clinic’s notice to patients. “The investigation determined that on February 18, 2025, an unauthorized person obtained copies of certain files from our systems.”

Klickitat Valley Health is offering free credit monitoring and identity theft protection to victims whose Social Security numbers were compromised.

Who is Kraken?

Kraken is a new ransomware gang that first started claiming responsibility for attacks in February 2025. This is its first confirmed attack.

Evidence suggests Kraken is a rebrand of another ransomware group, HelloGookie. When Kraken first emerged, it claimed a number of attacks that had previously been claimed by another ransomware group, HelloGookie (formerly HelloKitty). Those attack claims include one on tech giant Cisco.

Ransomware attacks on US healthcare

In 2025 so far, Comparitech researchers have logged five confirmed ransomware attacks on US hospitals, clinics, and other direct care providers. Other recently confirmed attacks include those on Bell Ambulance and Central Texas Pediatric Orthopedics. Ransomware gang Medusa demanded $400,000 from Bell Ambulance in February 2025, and CTPO notified 90,000 Texans of a breach claimed by Qilin in the same month.

Ransomware attacks on hospitals, clinics, and other care providers can lock down computer systems and steal data. Targets are forced to either pay a ransom or face extended downtime, data loss, and putting customers at risk of fraud. Ransomware can cripple a wide range of systems including access to medical records, appointment booking, payroll, prescriptions, patient communications, and more.

We tracked another 63 unconfirmed attack claims made by ransomware gangs against US healthcare targets in 2025, which haven’t been acknowledged by the targeted organizations.

About Klickitat Valley Health

Klickitat Valley Health is a hospital in Goldendale, Washington, serving more than 5,000 residents the eastern part of Klickitat County. It consists of 225 staff, 25 beds, a family medicine clinic, and a wellness and therapy center.