Data breaches were disclosed by Southern Illinois Dermatology, Saint Anthony Hospital, and North Texas Behavioral Health Authority.
Three US healthcare organizations – two in Illinois and one in Texas – have disclosed data breaches affecting a total of nearly 600,000 individuals.
The US Department of Health and Human Services (HHS) has updated its data breach tracker to include three major healthcare cybersecurity incidents, collectively impacting nearly 600,000 individuals. The disclosures highlight the growing scale of cyber threats facing healthcare organizations and the increasing exposure of sensitive patient data.
The largest breach involves the North Texas Behavioral Health Authority, which reported that approximately 285,000 individuals were affected. The organization, known for providing mental health and substance abuse services, identified a network intrusion that occurred in October 2025. Following an investigation, it was determined that unauthorized actors may have accessed and exfiltrated files containing sensitive personal information, including Social Security numbers. The breach was publicly disclosed in March 2026.
Another significant incident was reported by Southern Illinois Dermatology, affecting around 160,000 individuals. The Salem, Illinois-based provider detected a cybersecurity incident in late November 2025, with a subsequent investigation concluding in early March 2026 that files containing personal data had been compromised. The ransomware group Insomnia claimed responsibility for the attack, listing the organization on its leak site in February and alleging the theft of patient data. The group has since released the stolen information online, further escalating the severity of the breach.
The third breach involves Saint Anthony Hospital in Chicago, which disclosed that approximately 146,000 individuals were impacted by an email security incident. According to the hospital, two employee email accounts were compromised in February 2025, exposing both personal and protected health information of patients. While this incident appears unrelated, Saint Anthony Hospital had previously been targeted by the LockBit ransomware group, which listed the organization on its leak site in January 2024.
These incidents underscore the persistent vulnerabilities within healthcare systems, particularly as threat actors continue to exploit network access points, email systems, and third-party dependencies. With large volumes of highly sensitive data at stake, healthcare providers remain prime targets for cybercriminals seeking financial gain through data theft and ransomware attacks.
The latest additions to the HHS breach tracker reinforce the urgent need for stronger cybersecurity frameworks, continuous monitoring, and rapid incident response strategies across the healthcare sector. As attacks grow more sophisticated, organizations must prioritize both data protection and resilience to safeguard patient information and maintain operational integrity.
Recommended Cyber Technology News :
- Ice Open Network Hit by Insider Data Breach
- Bol.com Probes Data Breach Claims and Security Risks
- LACOE Investigates Potential Data Breach Incident
To participate in our interviews, please write to our CyberTech Media Room at info@intentamplify.com
