.png)
Neurological Associates Data Breach: PHI and PII of 13,500 Patients Exposed
In early January 2026, Neurological Associates of Washington, a Kirkland-based independent neurology practice, discovered a data breach affecting 13,500 individuals in Washington state.
The incident involved a ransomware attack by the DragonForce group, who claimed responsibility for stealing and encrypting the practice’s medical records server. The attackers reportedly exfiltrated 72.53 GB of sensitive data and published it on the dark web on Dec. 28, 2025.
The breach impacted patients whose records were stored from 2019 to 2025. The investigation is currently ongoing.
The compromised data included both personally identifiable information (PII) and protected health information (PHI). Exposed details may include names, Social Security numbers, full dates of birth, health insurance policy or ID numbers, and medical information such as diagnoses and disability codes.
The incident was reported to the FBI, the U.S. Department of Health and Human Services and local law enforcement. The company also posted a notice of the incident on its website.
The breach was officially disclosed to the Washington Attorney General on Jan. 23, 2026.
Neurological Associates of Washington's response
Following the discovery, Neurological Associates of Washington took several steps to address the breach and protect affected patients.
The practice migrated its electronic health records to a secure cloud platform and isolated prior records on a computer with no internet access to prevent further unauthorized access. The organization also filed reports with federal and local authorities and continues to investigate the incident.
As a resource for affected individuals, the practice is offering 12 months of complimentary credit monitoring and identity protection services. Those impacted are encouraged to monitor their financial accounts, obtain free credit reports from Equifax, Experian and TransUnion, and consider placing fraud alerts or security freezes on their credit files.
Additional recommendations include filing tax returns early to prevent tax-related identity theft and reporting any suspicious activity to the Federal Trade Commission or local law enforcement.
For questions or assistance, patients may contact the practice by phone at 425-505-2200, by email at medicalrecords@neuroassociates.us
Names
Social Security Numbers
Dates of Birth
Addresses
Government IDs
Medical Info
Financial Info- Affected information types not yet disclosed
Data Breach Settlements
.webp)
.webp)
.webp)
.webp)
.webp)
.webp)
.webp)
What to Read Next
Subscribe to our weekly class actions newsletter.
.svg)