Three U.S. Healthcare Providers Hit by Cyberattacks, Exposing Data of 600,000 Individuals
In 2024, three U.S. healthcare organizations fell victim to separate cyberattacks, compromising the personal and health data of approximately 600,000 individuals, according to the Department of Health and Human Services' breach tracker.
The most severe breach targeted the North Texas Behavioral Health Authority, where attackers stole sensitive information including Social Security numbers from 285,000 people in an October 2024 incident. Meanwhile, Southern Illinois Dermatology reported that 160,000 individuals had their data exposed in a late November 2024 breach, with the Insomnia ransomware gang claiming responsibility for compromising 150,000 patients.
Additionally, Saint Anthony Hospital in Illinois disclosed a February 2025 intrusion involving two employee email accounts, leading to the exposure of 146,000 individuals' personal and health records. While details on the attackers remain unclear, the hospital had previously been targeted by the LockBit ransomware gang.
The incidents highlight ongoing cybersecurity risks in the healthcare sector, with ransomware groups continuing to exploit vulnerabilities in critical infrastructure.
Source: https://www.scworld.com/brief/almost-600k-reportedly-impacted-by-separate-us-healthcare-breaches
Saint Anthony Hospital TPRM report: https://www.rankiteo.com/company/st.-anthony's-memorial-hospital
Southern Illinois Dermatology TPRM report: https://www.rankiteo.com/company/southern-illinois-university
"id": "st.sou1776926092",
"linkid": "st.-anthony's-memorial-hospital, southern-illinois-university",
"type": "Ransomware",
"date": "4/2026",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '285,000',
'industry': 'Healthcare',
'location': 'Texas, USA',
'name': 'North Texas Behavioral Health Authority',
'type': 'Healthcare Provider'},
{'customers_affected': '160,000',
'industry': 'Healthcare',
'location': 'Illinois, USA',
'name': 'Southern Illinois Dermatology',
'type': 'Healthcare Provider'},
{'customers_affected': '146,000',
'industry': 'Healthcare',
'location': 'Illinois, USA',
'name': 'Saint Anthony Hospital',
'type': 'Healthcare Provider'}],
'data_breach': {'number_of_records_exposed': '600,000',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal data',
'Health data',
'Social Security numbers']},
'date_publicly_disclosed': ['October 2024', 'November 2024', 'February 2025'],
'description': 'In 2024, three U.S. healthcare organizations fell victim to '
'separate cyberattacks, compromising the personal and health '
'data of approximately 600,000 individuals. The incidents '
'involved ransomware attacks and unauthorized access to '
'sensitive data, including Social Security numbers and health '
'records.',
'impact': {'data_compromised': 'Personal and health data of approximately '
'600,000 individuals',
'identity_theft_risk': 'High (Social Security numbers exposed)'},
'ransomware': {'ransomware_strain': ['Insomnia', 'LockBit']},
'references': [{'source': "Department of Health and Human Services' breach "
'tracker'}],
'regulatory_compliance': {'regulations_violated': ['HIPAA']},
'threat_actor': ['Insomnia ransomware gang', 'LockBit ransomware gang'],
'title': 'Three U.S. Healthcare Providers Hit by Cyberattacks, Exposing Data '
'of 600,000 Individuals',
'type': ['Data Breach', 'Ransomware']}