In a troubling development, the ransomware group known as Devman has asserted that it successfully hacked Family Health West, a healthcare provider in Colorado, and is demanding a ransom of $700,000. The gang has set a four-day deadline for the payment, threatening to make the stolen data public if their demands are not met.
The incident was officially acknowledged by Family Health West, which reported a cyber attack that led to the shutdown of all electronic systems across its facilities. Despite these disruptions, the hospital stated that, at that point, there was no evidence of data encryption or loss. "Family Health West (FHW) is actively responding to a recent cybersecurity event that was swiftly detected and contained by its IT and Informatics teams," the hospital explained in a Facebook post on October 29, 2025. "At this time, there is no evidence that any patient or employee data has been lost or encrypted, and all attempts appear to have been successfully blocked."
"Family Health West (FHW) is actively responding to a recent cybersecurity event that was swiftly detected and contained by its IT and Informatics teams,"
However, Devman has claimed to have stolen around 120 GB of sensitive data from the hospital. This claim was made on the group’s data leak site, which features Family Health West among its targets. The healthcare provider has not yet verified the group’s assertion, leaving questions about the extent of the data compromise and the specifics of the attack unanswered. As of now, it remains unclear whether Family Health West will comply with the ransom demand.
The Devman group is relatively new to the ransomware landscape, with their activities surfacing in April 2025. However, evidence indicates connections to well-known ransomware organizations like Conti, Black Basta, and DragonForce. They operate a ransomware-as-a-service model, allowing affiliates to utilize their malware and systems for cyber attacks and ransom negotiations. Devman has claimed responsibility for a total of 41 attacks, with an average ransom demand of $4.4 million.
In terms of their attack history, Family Health West marks Devman’s inaugural assault on a healthcare institution and their first breach within the United States. Previous targets of the group include various international organizations, such as government agencies and businesses across multiple sectors.
By the Numbers
By the Numbers
By the Numbers
The issue of ransomware attacks in the U.S. healthcare sector has been pervasive. In 2025 alone, researchers have documented 71 confirmed incidents impacting hospitals and clinics, compromising over 7.5 million records. Other examples include a June 2025 data breach at Mission City Community Network, attributed to the SafePay group, and a February breach at Heartland Health Center with a $180,000 ransom demand from the Medusa gang.
Ransomware attacks pose significant risks to healthcare facilities. When attacked, these organizations face the potential loss of crucial data and the crippling of essential systems, raising serious concerns about patient safety and data security. During such attacks, hospitals may need to revert to manual processes, postpone appointments, and delay critical care services, putting patients at increased risk.
Family Health West operates as a 25-bed hospital with an emergency room and specialty clinics, serving the Grand Valley area of Mesa County, Colorado. As they navigate the repercussions of the attack, the hospital emphasizes the importance of security and recovery protocols.
The evolving landscape of ransomware, especially targeting healthcare providers, necessitates heightened vigilance and protection protocols. As individuals and organizations continue to grapple with these cyber threats, the need for robust cybersecurity measures has never been more critical. The healthcare sector remains a prime target due to the sensitive nature of the data involved and the urgency surrounding patient care operations.
