Heart South Cardiovascular Group and Southern Illinois Dermatology: Southern Illinois Dermatology warns patients of data breach that leaked SSNs

Southern Illinois Dermatology Suffers Massive Data Breach Affecting 160,000 Patients

Southern Illinois Dermatology has notified 160,312 individuals of a November 2025 data breach that exposed sensitive personal and medical information, including names, Social Security numbers, addresses, phone numbers, email addresses, medical record numbers, and internal "person numbers." The U.S. Department of Health and Human Services disclosed the breach’s scale this week.

The cybercriminal group Insomnia claimed responsibility for the attack on February 7, 2026, posting sample documents on its leak site to verify its involvement. According to Insomnia, it first alerted the clinic and likely demanded a ransom on November 28, 2025. Southern Illinois Dermatology has not confirmed the group’s claims, and details about the breach’s method, ransom demand, or payment remain undisclosed.

In a March 4, 2026 notice to affected individuals, the clinic stated that a forensic investigation revealed an unauthorized third party had accessed or acquired files containing protected health information. Southern Illinois Dermatology operates 13 clinics across southern Illinois.

Who is Insomnia?
Emerging in February 2026, Insomnia is a ransomware group that steals data rather than encrypting systems, extorting victims by threatening to sell or leak stolen information. The group primarily targets U.S. healthcare providers, with 11 of its 30 claimed attacks hitting the sector. Only one other organization Enviro-Hub Holdings in Singapore has confirmed an Insomnia-related breach.

Broader Impact on U.S. Healthcare
The Southern Illinois Dermatology breach ranks as the 14th-largest healthcare data exposure in 2025, part of a surge in ransomware attacks on the sector. Comparitech researchers recorded 135 ransomware incidents against U.S. healthcare providers in 2025, compromising at least 11.9 million records. Notable 2025 breaches include:

• Heart South Cardiovascular Group (AL) – 46,666 records (Rhysida ransomware, $630K demand)
• Rocky Mountain Associated Physicians (UT) – 50,640 records (PEAR ransomware)
• Windward Life Care (CA) – December 2025 breach (Sinobi ransomware)

In 2026, nine confirmed ransomware attacks on U.S. healthcare providers have been logged, alongside 83 unconfirmed claims.

Source: https://www.comparitech.com/news/southern-illinois-dermatology-warns-patients-of-data-breach-that-leaked-ssns/

Heart South Cardiovascular Group TPRM report: https://www.rankiteo.com/company/heartlandhealthservices-centralillinois

Southern Illinois Dermatology TPRM report: https://www.rankiteo.com/company/southern-illinois-university-school-of-medicine

"id": "heasou1776796287",
"linkid": "heartlandhealthservices-centralillinois, southern-illinois-university-school-of-medicine",
"type": "Ransomware",
"date": "11/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': '160,312 patients',
                        'industry': 'Healthcare',
                        'location': 'Southern Illinois, USA',
                        'name': 'Southern Illinois Dermatology',
                        'size': '13 clinics',
                        'type': 'Healthcare Provider'}],
 'customer_advisories': 'Notification sent to affected individuals on March 4, '
                        '2026',
 'data_breach': {'data_exfiltration': 'Yes',
                 'number_of_records_exposed': '160,312',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High (PHI and PII)',
                 'type_of_data_compromised': ['Names',
                                              'Social Security numbers',
                                              'Addresses',
                                              'Phone numbers',
                                              'Email addresses',
                                              'Medical record numbers',
                                              "Internal 'person numbers'"]},
 'date_detected': '2025-11-28',
 'date_publicly_disclosed': '2026-03-04',
 'description': 'Southern Illinois Dermatology suffered a data breach in '
                'November 2025, exposing sensitive personal and medical '
                'information of 160,312 patients. The cybercriminal group '
                'Insomnia claimed responsibility for the attack, threatening '
                'to leak or sell the stolen data.',
 'impact': {'brand_reputation_impact': 'Likely significant',
            'data_compromised': '160,312 records',
            'identity_theft_risk': 'High',
            'legal_liabilities': 'Potential'},
 'investigation_status': 'Ongoing',
 'motivation': 'Extortion (data theft and threat of leakage/sale)',
 'ransomware': {'data_encryption': 'No', 'data_exfiltration': 'Yes'},
 'references': [{'source': 'U.S. Department of Health and Human Services'},
                {'source': 'Insomnia leak site'},
                {'source': 'Southern Illinois Dermatology breach notice'}],
 'regulatory_compliance': {'regulations_violated': ['HIPAA'],
                           'regulatory_notifications': 'U.S. Department of '
                                                       'Health and Human '
                                                       'Services'},
 'response': {'communication_strategy': 'Notification to affected individuals '
                                        'on March 4, 2026',
              'third_party_assistance': 'Forensic investigation'},
 'threat_actor': 'Insomnia',
 'title': 'Southern Illinois Dermatology Data Breach',
 'type': 'Data Breach'}