Pennsylvania Attorney General Confirms Data Breach Following INC Ransom Attack

Pennsylvania Attorney General Confirms Ransomware Attack Exposed Personal and Medical Data

In a recent statement, Pennsylvania’s attorney general disclosed that a ransomware group responsible for a cyberattack in August 2025 had accessed files containing sensitive personal and medical information.

Attorney General Dave Sunday made it clear that the ransom demanded by the cybercriminals was not paid, despite the encryption of compromised systems. This decision was upheld even after the discovery that unauthorized access had occurred, leading to the compromise of personal data.

The Pennsylvania Office of the Attorney General (OAG) revealed in a press release that certain files contained names, Social Security numbers, and medical details of individuals affected by the breach.

The breach, discovered on August 9th, resulted in the shutdown of various systems within the Pennsylvania OAG network, including the official website, employee email accounts, and landline phone services. The impact of the attack was extensive and severe.

Investigations by cybersecurity expert Kevin Beaumont revealed vulnerabilities in the Pennsylvania AG’s network, particularly concerning public-facing Citrix NetScaler appliances. These devices were susceptible to ongoing attacks exploiting a critical vulnerability known as Citrix Bleed 2 (CVE-2025-5777).

Despite the lack of public attribution by the Pennsylvania OAG, the INC Ransom gang claimed responsibility for the breach on September 20th. They boasted about stealing 5.7TB of data from the network, including sensitive files, and alleged that they had access to an FBI internal network.

Pennsylvania OAG claimed by INC Ransom (BleepingComputer)

INC Ransom, operating as a ransomware-as-a-service (RaaS) entity since July 2023, has targeted organizations across various sectors globally. Notable victims include Yamaha Motor Philippines, Scotland’s National Health Service (NHS), Ahold Delhaize, and Xerox Business Solutions (XBS).

This incident marks the third ransomware attack on Pennsylvania state entities. In 2020, Delaware County paid a $500,000 ransom following a DoppelPaymer attack, while the Pennsylvania Senate Democratic Caucus network faced a ransomware breach in 2017.
