Cybercriminal Groups Claim Breach of Insight Hospital & Medical Center in Chicago
Insight Hospital & Medical Center in Chicago disclosed an August 2025 data breach exposing sensitive patient information, including names, Social Security numbers, dates of birth, state-issued ID numbers, financial account details, treatment records, and health insurance data. The hospital detected "unusual activity" in its network in September 2025, confirming unauthorized access between August 22 and September 11. Notably, the breach notice did not offer free credit monitoring or identity theft protection.
Two ransomware groups Termite and LockBit have separately claimed responsibility for the attack. Termite alleged it stole 360 GB of data, while LockBit, which previously targeted the hospital in December 2025, claimed 200 GB of stolen files. Neither claim has been verified, and Insight Chicago has not acknowledged either group’s involvement. Details about the breach method, ransom demands, or whether a payment was made remain undisclosed.
About the Threat Actors:
- LockBit, a well-established ransomware operation, claimed 133 breaches in 2025, with 10 confirmed by victims. Recent attacks include Mt. Spokane Pediatrics (January 2026) and Hennessy Advisors (March 2025).
- Termite, a newer group, has seven confirmed attacks in 2025, including one on Genea, an Australian healthcare firm.
Broader Impact on U.S. Healthcare:
Ransomware attacks on healthcare providers surged in 2025, with 122 confirmed incidents tracked by Comparitech. Recent examples include:
- Greater Pittsburgh Orthopedic Associates (August 2025, 56,954 affected) – claimed by RansomHouse.
- New Age Dermatology (December 2025) – ransomware attack.
- Virginia Urology (November 2025, 1,893 affected) – claimed by MS13-089.
- Pecan Tree Dental (2026, 13,300 affected) – claimed by Sinobi.
- University of Mississippi Medical Center (2026) – ongoing recovery.
Such attacks disrupt critical systems, forcing hospitals to cancel appointments, divert patients, or revert to manual processes, endangering patient safety and data security.
About Insight Chicago:
Formerly Mercy Hospital and Medical Center, the 414-bed facility was acquired and rebranded by Insight Health Systems in 2021.
Insight Hospital and Medical Center cybersecurity rating report: https://www.rankiteo.com/company/insightchicago
Greater New York Hospital Association cybersecurity rating report: https://www.rankiteo.com/company/greater-new-york-hospital-association
"id": "INSGRE1772045793",
"linkid": "insightchicago, greater-new-york-hospital-association",
"type": "Ransomware",
"date": "8/2025",
"severity": "100",
"impact": "7",
"explanation": "Attack that could injure or kill people"{'affected_entities': [{'industry': 'Healthcare',
'location': 'Chicago, Illinois, USA',
'name': 'Insight Hospital & Medical Center',
'size': '414-bed facility',
'type': 'Healthcare Provider'}],
'customer_advisories': 'Breach notice issued to affected patients',
'data_breach': {'data_exfiltration': 'Alleged (360 GB by Termite, 200 GB by '
'LockBit)',
'personally_identifiable_information': 'Yes (names, SSNs, '
'DOB, state IDs, '
'financial details)',
'sensitivity_of_data': 'High (PII, PHI, financial data)',
'type_of_data_compromised': ['names',
'Social Security numbers',
'dates of birth',
'state-issued ID numbers',
'financial account details',
'treatment records',
'health insurance data']},
'date_detected': '2025-09',
'description': 'Insight Hospital & Medical Center in Chicago disclosed an '
'August 2025 data breach exposing sensitive patient '
'information, including names, Social Security numbers, dates '
'of birth, state-issued ID numbers, financial account details, '
'treatment records, and health insurance data. The hospital '
'detected unusual activity in its network in September 2025, '
'confirming unauthorized access between August 22 and '
'September 11. Two ransomware groups, Termite and LockBit, '
'have separately claimed responsibility for the attack, '
'alleging data exfiltration of 360 GB and 200 GB respectively, '
'though neither claim has been verified.',
'impact': {'brand_reputation_impact': 'Likely negative impact on brand '
'reputation',
'data_compromised': '360 GB (alleged by Termite), 200 GB (alleged '
'by LockBit)',
'identity_theft_risk': 'High (exposure of Social Security numbers, '
'financial account details, and PII)',
'operational_impact': 'Disruption of hospital operations, '
'potential cancellation of appointments or '
'diversion of patients',
'payment_information_risk': 'High (financial account details '
'exposed)'},
'investigation_status': 'Ongoing (unverified claims by threat actors)',
'motivation': ['financial_gain', 'data_exfiltration'],
'ransomware': {'data_exfiltration': 'Alleged (360 GB by Termite, 200 GB by '
'LockBit)',
'ransomware_strain': ['Termite', 'LockBit']},
'references': [{'source': 'Cyber Incident Description'}],
'regulatory_compliance': {'regulations_violated': ['HIPAA (likely)']},
'response': {'communication_strategy': 'Public breach notice (no free credit '
'monitoring or identity theft '
'protection offered)'},
'threat_actor': ['Termite', 'LockBit'],
'title': 'Data Breach at Insight Hospital & Medical Center in Chicago',
'type': ['data_breach', 'ransomware']}