Threat actors continue to target the American healthcare industry. Three US organizations – one in Texas and two in Illinois – have disclosed significant data breaches affecting nearly 600,000 individuals in total.

The data breach tracker on the US Department of Health and Human Services website has just been updated to include the exact numbers for three healthcare-related cybersecurity incidents. In total, over half a million people seem to have been affected.

The breach of the North Texas Behavioral Health Authority, an organization providing resources for mental health and substance abuse, is the largest, affecting 285,000 individuals.

The organization revealed in March that it had detected a network intrusion in October 2025. It looks like unauthorized attackers may have accessed and exfiltrated files containing personal information, including Social Security numbers.

“Following the completion of our investigation, it was determined that some of our files may have been accessed and removed by the unauthorized individual(s) between October 13th, 2025, and October 15th, 2025,” the North Texas Behavioral Health Authority said in an earlier notice.

“We conducted a thorough review of the potentially impacted data, and on January 7th, 2026, we determined that the impacted files may have contained personal information.”

Southern Illinois Dermatology, a skincare provider, has disclosed that 160,000 individuals were affected by a cyberattack on its networks.

A recently completed investigation showed that files storing personal data were compromised, most likely by the Insomnia ransomware group.

“Following a thorough forensic investigation and extensive data review, on March 4th, 2026, we determined that the files that were potentially accessed and/or acquired by an unauthorized third-party contained personal information or protected health information, such as full names, addresses, dates of birth, Social Security numbers, telephone number, email address, person number, and medical record number,” said the organization.

Finally, the third breach hit Saint Anthony Hospital in Chicago. According to the data on the HHS website, a security incident dating back to February 2025 exposed the information of 146,000 individuals.

“An unauthorized party may have gained access to two Saint Anthony employee email accounts. The incident resulted in unauthorized access and/or acquisition of certain files of unstructured data from within the network,” said the hospital, before determining that the data contained patient personal information.

In East Texas, the sensitive personal and medical data of more than 257,000 patients was recently exposed following a data breach at another healthcare facility, Nacogdoches Memorial Hospital.

The stolen details include Social Security numbers and medical record information – the kind of data attackers can use for identity theft and phishing.

---

Unlock more exclusive Cybernews content on YouTube.