Cyber Incident Victim: Warren-Washington-Albany ARC

The Warren-Washington-Albany ARC (WWAARC) ransomware incident occurred in December 2020 when Conti threat actors added the organization to their dedicated leak site. Conti operators publicly dumped stolen data containing payroll and tax information for hundreds of WWAARC employees. This exposure of sensitive financial records created significant risks of identity theft and financial fraud for affected staff members. Unlike some other healthcare entities targeted by Conti during this period, the leaked data did not appear to contain protected health information (PHI) based on descriptions of the exfiltrated material. The attack formed part of Conti's broader targeting of medical sector organizations in late 2020, which included at least five other healthcare providers added to their leak site between September and December.

WWAARC did not issue any public statements acknowledging the breach or notify affected individuals through official channels as of the reporting period. The organization's breach report had not appeared on the HHS public breach tool by the time of publication, indicating no formal regulatory disclosure occurred within typical notification timeframes. This lack of public response contrasted with other Conti victims like Golden Gate Regional Center, which reported impacting 11,315 patients to HHS, and Galstan & Ward Dentistry, which notified patients within three months of their August attack. DataBreaches.net monitored the situation but received no confirmation from WWAARC regarding the legitimacy of Conti's claims or the organization's incident response activities. The incident remained unresolved in public records with no verification of containment measures or recovery actions taken by the victim organization.