Ransomware Group: INCRANSOM

VICTIM NAME: wvpca[.]org

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the INCRANSOM Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware group has publicly disclosed a data breach involving the West Virginia Primary Care Association (WVPCA), an organization dedicated to providing accessible healthcare services across West Virginia. The attack was publicly announced on July 31, 2025, with the data leak details released on the associated dark web portal. The organization serves over 550 community health centers, offering a wide array of medical services including primary care, dental, and mental health support, primarily targeting rural populations. The leak includes sensitive contact information for key leadership staff, such as the President & CEO, CFO, Communications Coordinators, and various healthcare directors and coordinators. The incident highlights potential exposure of internal organizational structure and contact details, which may potentially be exploited for further malicious activities. The leak accesses publicly available organizational data, but there is no explicit indication of compromised patient or personnel PII beyond organizational contacts. The associated visual content includes a screenshot of internal documents or related materials, providing a visual confirmation of the breach. The group responsible appears to have compromised the organization during the latter part of July 2025, with disclosure made publicly via a dedicated dark web blog link.

While the leak predominantly contains organizational details such as employee roles, contact numbers, and a brief organizational description, no sensitive personal health information or confidential operational data is explicitly indicated in the released content. The attack underscores the vulnerability of healthcare organizations in the public sector to ransomware threats, emphasizing the importance of cybersecurity measures, especially given the critical nature of the services provided by WVPCA. The breach may also include downloadable data, although specific files are not detailed here. The visual evidence includes a screenshot linked in the post, showing internal or organizational content that confirms the breach. The attack serves as a reminder for critical infrastructure entities, like healthcare providers, to maintain rigorous security protocols to prevent and mitigate similar incidents in the future.