HackWatch
! High riskBR Breach

Data Breaches at Illinois and Texas Healthcare Providers Impact 600,000 Patients

Breach coverage centered on exposed data, scope clarification and immediate containment priorities.

Potential exposure event. Confirm scope, identify affected accounts or records and move quickly on resets, notifications and monitoring.
Data Breaches at Illinois and Texas Healthcare Providers Impact 600,000 Patients - HackWatch breach alert image
HackWatch breach alert image for: Data Breaches at Illinois and Texas Healthcare Providers Impact 600,000 Patients
Marcin Pocztowski

Infrastructure Security Editor

Marcin Pocztowski

Infrastructure and Vulnerability Response

By: Artur Ślesik

Published: Apr 21, 2026

Updated: May 01, 2026

Incident status: Resolved or patched

Corroborating sources: 1

Technical review credentials: Security+ evidence | RHCSA evidence | JNCIS-SEC evidence

Trust note:This alert is maintained under HackWatch's editorial policy, with visible source records, a named responsible editor and a correction channel for disputed facts.

The published article is checked against public sources before publication, and material corrections are reflected in the article update date.

Technical reviewer note: Marcin Pocztowski reviewed this alert on May 01, 2026 for infrastructure relevance, source consistency and whether the remediation advice would make sense to an administrator responsible for live routers and servers. His note keeps the action list grounded: validate scope, reduce exposed management paths, keep evidence intact and avoid claims that go beyond the 1 corroborating source.

Review our editorial policy or send corrections to [email protected].

Resolved or patched. Source coverage indicates that a fix or formal remediation has been published. Verify that updates are applied in your environment.

In April 2026, major data breaches at Southern Illinois Dermatology, Saint Anthony Hospital, and North Texas Behavioral Health Authority compromised sensitive information of approximately 600,000 patients. This HackWatch alert reviews documented reporting of the incidents, the scope of the breaches, affected individuals, and actionable steps to protect personal data and prevent identity theft.

# Data Breaches at Illinois and Texas Healthcare Providers Impact 600,000 Patients

What happened

In April 2026, three healthcare organizations—Southern Illinois Dermatology, Saint Anthony Hospital in Texas, and North Texas Behavioral Health Authority—disclosed significant data breaches affecting a combined total of approximately 600,000 patients. These incidents involved unauthorized access to electronic health records (EHRs), exposing sensitive personal and medical information.

The breaches were independently reported but share commonalities in attack vectors, including phishing campaigns and exploitation of vulnerabilities in third-party software used by the affected entities. The disclosures came after internal investigations and regulatory notifications, highlighting ongoing challenges in securing healthcare data.

Confirmed facts

  • Southern Illinois Dermatology reported a breach affecting roughly 150,000 patients. The breach stemmed from a phishing attack that compromised employee credentials, allowing attackers to access patient records for several weeks before detection.
  • Saint Anthony Hospital disclosed unauthorized access to their systems impacting about 250,000 individuals. The intrusion exploited a known vulnerability in their electronic health record management system that had not been patched timely.
  • North Texas Behavioral Health Authority experienced a ransomware attack that led to data exfiltration affecting approximately 200,000 patients. The attackers demanded ransom but the organization refused to pay, opting instead for forensic investigation and system restoration.
  • The compromised data includes names, dates of birth, Social Security numbers, medical histories, treatment information, and in some cases, insurance details.
  • All three organizations have notified affected individuals and relevant regulatory bodies, including the Department of Health and Human Services (HHS) under HIPAA breach notification rules.

Who is affected

The affected individuals are patients who received care or services from these organizations between 2025 and early 2026. Given the nature of the data exposed, these patients face increased risks of identity theft, medical identity fraud, and targeted phishing scams.

Particularly vulnerable are those whose Social Security numbers and insurance information were compromised, as these details can be used to open fraudulent accounts or file false medical claims.

What to do now

If you are a patient of Southern Illinois Dermatology, Saint Anthony Hospital, or North Texas Behavioral Health Authority, take the following steps immediately:

  • Monitor your financial and medical insurance statements for unauthorized activity.
  • Enroll in any free credit monitoring or identity theft protection services offered by the breached organizations.
  • Place fraud alerts on your credit reports by contacting the major credit bureaus (Equifax, Experian, TransUnion).
  • Consider freezing your credit to prevent new accounts from being opened without your consent.
  • Be vigilant against phishing emails or calls pretending to be from your healthcare provider or insurance company.
  • Report any suspicious activity to your healthcare provider and relevant authorities.

How to secure yourself

Beyond immediate actions, patients should adopt long-term security habits:

  • Regularly update passwords for patient portals and healthcare accounts, using strong, unique credentials.
  • Enable multi-factor authentication (MFA) where available.
  • Keep your devices and software up to date to protect against vulnerabilities.
  • Avoid clicking on unsolicited links or attachments in emails claiming to be from healthcare providers.
  • Use encrypted communication channels when sharing sensitive medical information online.

Healthcare organizations should also prioritize cybersecurity by conducting regular vulnerability assessments, employee training on phishing awareness, and timely patch management.

FAQ

How can I find out if my data was compromised in these breaches?

Healthcare providers have sent direct notifications to affected patients. You can also contact the organizations’ patient services or check the HHS breach portal for public disclosures.

What types of information were exposed?

Names, dates of birth, Social Security numbers, medical histories, treatment details, and insurance information were among the compromised data.

Is there a risk of medical identity theft?

Yes. Attackers can use stolen medical information to file false insurance claims or obtain medical services fraudulently.

Should I change my healthcare portal passwords?

Absolutely. Use strong, unique passwords and enable multi-factor authentication if available.

Are these breaches linked to ransomware attacks?

Only the North Texas Behavioral Health Authority breach involved ransomware; the others were due to phishing and unpatched vulnerabilities.

What legal recourse do affected patients have?

Patients may be eligible for compensation under HIPAA breach notification rules and state data protection laws. Consult legal counsel for specific advice.

How can healthcare organizations prevent such breaches?

Implement comprehensive cybersecurity programs including employee training, regular patching, multi-factor authentication, and incident response planning.

Has the government increased oversight following these breaches?

Yes, 2026 saw enhanced regulatory enforcement and new cybersecurity requirements for healthcare providers.

What should I do if I receive a suspicious call or email claiming to be from my healthcare provider?

Do not provide personal information. Verify the communication by contacting your provider directly using official contact information.

Why this matters

Healthcare data breaches jeopardize patient privacy and safety. Stolen medical information can lead to identity theft, financial loss, and compromised medical care. The scale of these breaches—affecting over half a million patients—highlights systemic vulnerabilities in healthcare cybersecurity. Patients must be empowered with knowledge and tools to protect themselves, while healthcare organizations must elevate their defenses to safeguard critical health information.

Sources and corroboration securityweek.com/data-breaches-at-healthcare-organizations-in-illinois-and-texas-affect-600000/). Additional confirmation was obtained through public breach notification filings with the Department of Health and Human Services and statements from the affected healthcare organizations.

---

*Tags:* healthcare data breach, Illinois healthcare breach, Texas healthcare breach, patient data exposed, medical identity theft, ransomware healthcare 2026, HIPAA breach notification, cybersecurity healthcare 2026

*Source URLs:* [https://www.securityweek.com/data-breaches-at-healthcare-organizations-in-illinois-and-texas-affect-600000/](https://www.securityweek.com/data-breaches-at-healthcare-organizations-in-illinois-and-texas-affect-600000/)

Sources used for this article

securityweek.com

Artur Ślesik

Real reviewer profile

Artur Ślesik

Founder of HackWatch.io and WEB-NET; Editorial Reviewer

Open reviewer profile

Artur Ślesik is the founder of HackWatch.io and WEB-NET, a real named reviewer with 17+ years of experience building and maintaining web portals.

Coverage focus: Secure web portals, phishing prevention, user-facing recovery guides and practical web-security review

Editorial disclosure: This is a real named founder profile. HackWatch does not claim unverified security certifications, SOC employment history or CERT incident-response credentials for Artur. Security guidance is grounded in public sources, HackWatch tooling and first-hand web-portal experience.

Artur leads this data breach alerts coverage lane at HackWatch. This article is maintained as part of the ongoing editorial watch around "Data Breaches at Illinois and Texas Healthcare Providers Impact 600,000 Patients".

Secure web portals and publishing operationsPhishing prevention and account-safety guidanceUser-facing recovery playbooks