Data Breaches at Healthcare Organizations in Illinois and Texas Affect 600,000
None
<div data-test-render-count="1"> <div class="group"> <div class="contents"> <div class="group relative relative pb-3" data-is-streaming="false"> <div class="font-claude-response relative leading-[1.65rem] [&_pre>div]:bg-bg-000/50 [&_pre>div]:border-0.5 [&_pre>div]:border-border-400 [&_.ignore-pre-bg>div]:bg-transparent [&_.standard-markdown_:is(p,blockquote,h1,h2,h3,h4,h5,h6)]:pl-2 [&_.standard-markdown_:is(p,blockquote,ul,ol,h1,h2,h3,h4,h5,h6)]:pr-8 [&_.progressive-markdown_:is(p,blockquote,h1,h2,h3,h4,h5,h6)]:pl-2 [&_.progressive-markdown_:is(p,blockquote,ul,ol,h1,h2,h3,h4,h5,h6)]:pr-8"> <div class="standard-markdown grid-cols-1 grid [&_>_*]:min-w-0 gap-3 standard-markdown"> <h3 class="text-text-100 mt-3 -mb-1 text-[1.125rem] font-bold">What happened</h3> <p class="font-claude-response-body break-words whitespace-normal leading-[1.7]">Three US healthcare organizations disclosed data breaches this week after the Department of Health and Human Services updated its breach tracker with incidents affecting a combined total of nearly 600,000 individuals.</p> <p class="font-claude-response-body break-words whitespace-normal leading-[1.7]">The largest breach involves North Texas Behavioral Health Authority, which serves populations seeking mental health and substance abuse resources. The organization disclosed in March 2026 that it detected a network intrusion in October 2025, with an investigation confirming that unauthorized individuals may have accessed and exfiltrated files containing personal information including Social Security numbers. The incident affects 285,000 individuals.</p> <p class="font-claude-response-body break-words whitespace-normal leading-[1.7]">Southern Illinois Dermatology, based in Salem, Illinois, disclosed that a cybersecurity incident detected in late November 2025 resulted in the compromise of files storing personal information, affecting 160,000 individuals. The Insomnia ransomware group claimed responsibility in February, asserting it stole data belonging to 150,000 patients and has since leaked the allegedly stolen data publicly.</p> <p class="font-claude-response-body break-words whitespace-normal leading-[1.7]">Saint Anthony Hospital in Chicago disclosed that two employee email accounts were compromised in February 2025, exposing the personal and health information of 146,000 patients. The hospital has previously been targeted by LockBit, which listed the organization on its leak site in January 2024, though that incident appears unrelated to the current email compromise.</p> <h3 class="text-text-100 mt-3 -mb-1 text-[1.125rem] font-bold">Who is affected</h3> <p class="font-claude-response-body break-words whitespace-normal leading-[1.7]">Nearly 600,000 patients across Texas and Illinois face exposure of sensitive personal and health information. The North Texas Behavioral Health Authority breach is particularly sensitive given the nature of the organization’s services, with Social Security numbers among the potentially exfiltrated data. Southern Illinois Dermatology patients face additional exposure risk as the Insomnia ransomware group has already publicly leaked the alleged stolen data.</p> <h3 class="text-text-100 mt-3 -mb-1 text-[1.125rem] font-bold">Why CISOs should care</h3> <p class="font-claude-response-body break-words whitespace-normal leading-[1.7]">Three separate healthcare breaches disclosed in the same week, spanning network intrusion, ransomware exfiltration, and email account compromise, is a useful illustration of how many different entry points attackers use to reach the same category of high-value data. Healthcare organizations remain among the most targeted sectors precisely because the data they hold, mental health records, SSNs, patient histories, is both sensitive and monetizable.</p> <p class="font-claude-response-body break-words whitespace-normal leading-[1.7]">The Southern Illinois Dermatology case also reinforces a pattern that security leaders should factor into breach response planning: ransomware groups are now routinely leaking data publicly regardless of whether a ransom is paid, removing the option of containment through non-disclosure.</p> <h3 class="text-text-100 mt-3 -mb-1 text-[1.125rem] font-bold">3 practical actions</h3> <ol class="[li_&]:mb-0 [li_&]:mt-1 [li_&]:gap-1 [&:not(:last-child)_ul]:pb-1 [&:not(:last-child)_ol]:pb-1 list-decimal flex flex-col gap-1 pl-8 mb-3"> <li class="whitespace-normal break-words pl-2"><strong>Prioritize email account security as a first-order control:</strong> The Saint Anthony Hospital breach stemmed from two compromised employee email accounts. Multi-factor authentication, anomalous login alerting, and regular access reviews on email accounts holding patient data are foundational controls that this incident confirms are still being missed.</li> <li class="whitespace-normal break-words pl-2"><strong>Treat ransomware group leak site listings as a breach notification trigger:</strong> Southern Illinois Dermatology was listed on the Insomnia group’s site in February before the HHS disclosure. Organizations should monitor ransomware leak sites as part of their threat intelligence program and treat a listing as a presumptive breach requiring immediate investigation.</li> <li class="whitespace-normal break-words pl-2"><strong>Review network detection and response coverage for dwell time reduction:</strong> The North Texas Behavioral Health Authority intrusion occurred in October 2025 but was not disclosed until March 2026. Reducing the gap between initial compromise and detection is critical in limiting the volume of data that can be exfiltrated during prolonged unauthorized access.</li> </ol> <p class="font-claude-response-body break-words whitespace-normal leading-[1.7]">Also in the news today:</p> <ul class="[li_&]:mb-0 [li_&]:mt-1 [li_&]:gap-1 [&:not(:last-child)_ul]:pb-1 [&:not(:last-child)_ol]:pb-1 list-disc flex flex-col gap-1 pl-8 mb-3"> <li class="whitespace-normal break-words pl-2"><a class="underline underline underline-offset-2 decoration-1 decoration-current/40 hover:decoration-current focus:decoration-current" href="https://cisowhisperer.com/dozens-of-malicious-crypto-apps-land-in-apple-app-store/">Dozens of Malicious Crypto Apps Land in Apple App Store</a></li> <li class="whitespace-normal break-words pl-2"><a class="underline underline underline-offset-2 decoration-1 decoration-current/40 hover:decoration-current focus:decoration-current" href="https://cisowhisperer.com/new-lotus-data-wiper-used-against-venezuelan-energy-and-utility-firms/">New Lotus Data Wiper Used Against Venezuelan Energy and Utility Firms</a></li> <li class="whitespace-normal break-words pl-2"><a class="underline underline underline-offset-2 decoration-1 decoration-current/40 hover:decoration-current focus:decoration-current" href="https://cisowhisperer.com/italian-regulator-fines-national-postal-service-organizations-15-million-for-data-privacy-violations/">Italian Regulator Fines National Postal Service Organizations $15 Million for Data Privacy Violations</a></li> <li class="whitespace-normal break-words pl-2"><a class="underline underline underline-offset-2 decoration-1 decoration-current/40 hover:decoration-current focus:decoration-current" href="https://cisowhisperer.com/unsecured-perforce-servers-expose-sensitive-data-from-major-organizations/">Unsecured Perforce Servers Expose Sensitive Data From Major Organizations</a></li> <li class="whitespace-normal break-words pl-2"><a class="underline underline underline-offset-2 decoration-1 decoration-current/40 hover:decoration-current focus:decoration-current" href="https://cisowhisperer.com/ngate-campaign-targets-brazil-trojanizes-handypay-to-steal-nfc-data-and-pins/">NGate Campaign Targets Brazil, Trojanizes HandyPay to Steal NFC Data and PINs</a></li> <li class="whitespace-normal break-words pl-2"><a class="underline underline underline-offset-2 decoration-1 decoration-current/40 hover:decoration-current focus:decoration-current" href="https://cisowhisperer.com/ransomware-negotiator-pleads-guilty-to-aiding-blackcat-attacks-in-2023/">Ransomware Negotiator Pleads Guilty to Aiding BlackCat Attacks in 2023</a></li> </ul> </div> </div> </div> </div> </div> </div><p>The post <a rel="nofollow" href="https://cisowhisperer.com/data-breaches-at-healthcare-organizations-in-illinois-and-texas-affect-600000/">Data Breaches at Healthcare Organizations in Illinois and Texas Affect 600,000</a> appeared first on <a rel="nofollow" href="https://cisowhisperer.com/">CISO Whisperer</a>.</p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/04/data-breaches-at-healthcare-organizations-in-illinois-and-texas-affect-600000/" data-a2a-title="Data Breaches at Healthcare Organizations in Illinois and Texas Affect 600,000"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fdata-breaches-at-healthcare-organizations-in-illinois-and-texas-affect-600000%2F&linkname=Data%20Breaches%20at%20Healthcare%20Organizations%20in%20Illinois%20and%20Texas%20Affect%20600%2C000" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fdata-breaches-at-healthcare-organizations-in-illinois-and-texas-affect-600000%2F&linkname=Data%20Breaches%20at%20Healthcare%20Organizations%20in%20Illinois%20and%20Texas%20Affect%20600%2C000" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fdata-breaches-at-healthcare-organizations-in-illinois-and-texas-affect-600000%2F&linkname=Data%20Breaches%20at%20Healthcare%20Organizations%20in%20Illinois%20and%20Texas%20Affect%20600%2C000" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fdata-breaches-at-healthcare-organizations-in-illinois-and-texas-affect-600000%2F&linkname=Data%20Breaches%20at%20Healthcare%20Organizations%20in%20Illinois%20and%20Texas%20Affect%20600%2C000" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fdata-breaches-at-healthcare-organizations-in-illinois-and-texas-affect-600000%2F&linkname=Data%20Breaches%20at%20Healthcare%20Organizations%20in%20Illinois%20and%20Texas%20Affect%20600%2C000" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://cisowhisperer.com">CISO Whisperer</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Evan Rowe">Evan Rowe</a>. Read the original post at: <a href="https://cisowhisperer.com/data-breaches-at-healthcare-organizations-in-illinois-and-texas-affect-600000/?utm_source=rss&utm_medium=rss&utm_campaign=data-breaches-at-healthcare-organizations-in-illinois-and-texas-affect-600000">https://cisowhisperer.com/data-breaches-at-healthcare-organizations-in-illinois-and-texas-affect-600000/?utm_source=rss&utm_medium=rss&utm_campaign=data-breaches-at-healthcare-organizations-in-illinois-and-texas-affect-600000</a> </p>