donutleaks attacks Monarch

Incident Date:

September 1, 2022

World map



donutleaks attacks Monarch






Albemarle, USA

North Carolina, USA

First Reported

September 1, 2022

Monarch NC: A Statewide Provider of Mental Health and Human Services Targeted by Ransomware Group Donutleaks

Overview of the Attack

Monarch NC, a prominent provider of mental health and human services across North Carolina, has recently fallen victim to a ransomware attack orchestrated by the group known as Donutleaks. This incident was disclosed on the group's dark web leak site. Monarch NC has been a key player in the Healthcare Services sector since 1958, dedicated to delivering high-quality, trauma-informed care to individuals with intellectual and developmental disabilities, mental illness, and substance use disorders.

Impact on Healthcare Services

As one of the largest non-profits in North Carolina, Monarch NC offers a comprehensive suite of services aimed at supporting the well-being of its clients. These services range from crisis intervention and outpatient services to residential options and employment support, alongside a creative arts day program named Studio 651. The ransomware attack underscores the ongoing cybersecurity threats faced by healthcare organizations, emphasizing the critical need for enhanced protective measures to safeguard sensitive data and ensure service continuity.

Response to the Attack

While specific details regarding the nature of the ransomware attack on Monarch NC remain undisclosed, the incident serves as a stark reminder of the cybersecurity challenges confronting the healthcare sector. Prior to the attack, Monarch NC was engaged in significant technological advancements, including the implementation of a new electronic health record system and preparations for Medicaid transformation within North Carolina. The COVID-19 pandemic further tested the organization's adaptability, prompting a swift expansion of telehealth services and adjustments to program operations to meet emerging health demands.

The attack on Monarch NC highlights the imperative for healthcare organizations to maintain heightened vigilance against cyber threats. Investing in robust cybersecurity frameworks is essential to protect organizational infrastructure and the privacy of those served, ensuring the uninterrupted delivery of critical health services.


  • Monarch NC 2020 Impact Report - URL not provided
  • Healthcare IT News - URL not provided
  • Cybersecurity Ventures - URL not provided

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.