Three healthcare organizations in the United States, located in Illinois and Texas, have recently disclosed significant data breaches that have compromised the personal information of nearly 600,000 individuals. The U.S. Department of Health and Human Services updated its data breach tracker to include these incidents, highlighting the ongoing threats facing healthcare providers. The largest breach was reported by North Texas Behavioral Health Authority, impacting 285,000 people. This organization, which specializes in mental health and substance abuse resources, discovered a network intrusion in October 2025, which was officially reported in March 2026. Unauthorized individuals had accessed and potentially removed files containing sensitive information such as Social Security numbers.

In Illinois, Southern Illinois Dermatology reported a breach affecting 160,000 individuals. The dermatology provider became aware of the incident in November 2025, with investigations completing by March the following year. The Insomnia ransomware group has claimed responsibility, stating that they have stolen and leaked the data of about 150,000 patients. Additionally, Saint Anthony Hospital in Chicago disclosed a separate breach involving the compromise of two employee email accounts, which exposed the personal and health information of 146,000 individuals. This breach occurred in February 2025. Saint Anthony Hospital had also been previously targeted by the LockBit ransomware group in 2024.

These breaches underscore the critical need for robust cybersecurity measures in healthcare facilities, particularly concerning identity controls and data segregation. As healthcare organizations continue to be prime targets for cybercriminals, ensuring the protection of sensitive patient information remains paramount.