Recent cybersecurity incidents have affected three healthcare institutions in the United States, compromising the data of approximately 600,000 individuals. These breaches span organizations in Illinois and Texas, marking a significant threat to patient privacy and data security.
Details of the Incidents
The United States Department of Health and Human Services (HHS) recently updated its data breach tracker, revealing critical information on these incidents. The most significant breach involved the North Texas Behavioral Health Authority, impacting 285,000 individuals. This organization, which supports mental health and substance abuse resources, identified a network intrusion in October 2025, disclosing it in March 2026.
Investigations into the breach revealed that unauthorized individuals potentially accessed sensitive files containing personal details, including Social Security Numbers. This raises concerns about the vulnerability of patient data within healthcare networks.
Further Breaches in Illinois
Southern Illinois Dermatology also reported a data breach affecting 160,000 individuals. The Salem-based skincare provider became aware of the issue in November 2025, with investigations concluding in March 2026. The breach compromised files containing personal information.
The Insomnia ransomware group, known for targeting healthcare entities, claimed responsibility by listing the provider on its website in February. The group reportedly leaked the data of 150,000 patients, highlighting the ongoing threat of ransomware attacks in healthcare.
Impact on Saint Anthony Hospital
Another significant breach involved Saint Anthony Hospital in Chicago, Illinois. The hospital reported to the HHS that an email security breach exposed the data of 146,000 individuals. This incident, which occurred in February 2025, involved the compromise of two employee email accounts.
Although not directly connected, Saint Anthony Hospital previously faced a threat from the LockBit ransomware group in January 2024, indicating a history of cybersecurity challenges for the institution.
The series of data breaches underscores the critical need for improved cybersecurity measures in healthcare sectors to protect sensitive patient information. As cyber threats continue to evolve, healthcare organizations must prioritize data protection and recovery strategies to mitigate future risks.
