What You Need to Know about the Illinois and Texas Healthcare Data Breaches

Three prominent healthcare organizations in the United States have officially disclosed major data breaches that have compromised the personal and medical information of about 600,000 people. The affected organizations were Southern Illinois Dermatology and Saint Anthony Hospital in Illinois and the North Texas Behavioral Health Authority (NTBHA) in Texas. Saint Anthony is a renowned nonprofit acute care hospital serving Chicago’s West Side, Southern Illinois Dermatology is a key regional skincare provider in Salem, and the NTBHA provides vital mental health and substance abuse services across North Texas. 

The largest of three incidents involved the NTBHA affecting 285,086 individuals. The organization identified unauthorized activity within its computer systems in late 2025, and an investigation confirmed that an unauthorized third party accessed its network, during which time files containing patient information may have been viewed or acquired. The compromised data may have included names, addresses, Social Security numbers, driver's license numbers, medical information, health insurance information, and dates of birth.

The second incident involved Southern Illinois Dermatology, which confirmed that certain systems in its network environment were affected by a cybersecurity incident. A notice from the organization stated that files potentially accessed or acquired by an unauthorized third party contained personal information or protected health information. The exposed information affected a total of 160,312 people and may have included names, addresses, dates of birth, Social Security numbers, telephone numbers, email addresses, person numbers, and medical record numbers.

The third incident involved the Saint Anthony Hospital in Chicago. The hospital stated that an unauthorized party may have accessed two employee email accounts and certain unstructured files within its network. Saint Anthony said its electronic health records system was not affected, but certain files and folders were accessed or acquired. Such files and folders were believed to contain personal and health information of about 146,108 patients.

When Were the Illinois and Texas Healthcare Data Breaches?

According to the NTBHA's investigation, the authorized network access occurred between October 13 and October 15, 2025. However, on January 7, 2026, the organization determined that affected files may have contained personal information and began notifying affected individuals on March 6, 2026.

The cybersecurity attack on the Southern Illinois Dermatology network was identified on November 28, 2025. After forensic investigation and data review, the provider determined on March 4, 2026, that potentially accessed or acquired files contained personal information or protected health information. The organization began notifying affected individuals on April 2, 2026.

The unauthorized access to files and folders on Saint Anthony Hospital's network occurred on February 27, 2025. The organization's review of the incident concluded around February 13, 2026, while the hospital mailed notices to potentially affected individuals on March 6, 2026.

How to Check if Your Data Was Breached

Persons affected by these breaches have been sent notices by the relevant healthcare organization in accordance with the HIPAA breach notification rule. All three companies commenced issuing notices to affected individuals between March and April, 2026. Therefore, if you believe that your data may have been breached, watch your mail for a notification letter.

However, if you have received care from any of the three organizations and have not received a notification, you may contact the organization directly through its official response line or official website. Southern Illinois Dermatology may be contacted on a dedicated toll-free response line at 1-833-997-6029, while Saint Anthony's Hospital is available at 1-833-844-5403. 

You may also use services like HaveIBeenPwned.com and AmIBreached.com to check whether your email address appears in known data breaches, although healthcare-specific information may not be captured by such services.

What to Do If Your Data Was Breached

If your data was breached in any of the incidents, you should start by reviewing any specific steps highlighted in the notice sent by the healthcare organization. This is because the exact risk you are exposed to depends on which organization held your data and the specific data elements leaked. For instance, Saint Anthony advised affected patients and families to review explanation-of-benefits statements and follow up on unfamiliar items.

You should also monitor financial accounts, credit reports, medical bills, insurance statements, and patient portal activity. North Texas Behavioral Health Authority also advised affected individuals to review credit reports and medical information for unfamiliar activity.

It is important for affected persons to be cautious of phishing attempts. This is because a criminal may use exposed names, healthcare provider details, email addresses, medical record numbers, or dates of birth to make scam emails or phone calls appear legitimate. Do not click unexpected links, download attachments, or provide personal details unless you verify the request through an official phone number or website.

Are There Any Lawsuits Because of the Illinois and Texas Healthcare Data Breaches?

While no class action lawsuits have been certified, several law firms have opened investigations into the breaches and are considering filing them.

• Southern Illinois Dermatology breach: Multiple law firms, including Edelson Lechtzin LLP, Schubert Jonckheer & Kolbe LLP, and attorneys working with ClassAction.org, are investigating the cybersecurity incident. The investigation is exploring whether the delayed notification may have violated state and federal laws.
• Saint Anthony Hospital breach: Although the hospital has faced prior class action litigation, including a $1.46 million settlement over biometric data privacy violations, no class action has been filed specifically regarding the 2026 email breach.
• North Texas Behavioral Health Authority breach: Several law firms have launched investigations in response to the breach and are considering filing a class-action lawsuit. Markovits, Stock & DeMarco stated that it was investigating claims on behalf of people affected by the NTBHA breach, while Schubert Jonckheer & Kolbe LLP announced an investigation into unauthorized access to information about about 285,000 individuals.

Can My Healthcare Information Be Used for Identity Theft?

Yes. Since these data breaches involve personally identifiable and protected health information, such as Social Security numbers, dates of birth, addresses, medical record numbers, and health insurance information, healthcare data can be used for identity theft.

Attackers may use a victim's insurance policy numbers and Social Security numbers to receive treatments, obtain prescription medications, or file fraudulent claims. This can lead to inaccurate entries appearing in your medical records. Additionally, cybercriminals may combine Social Security numbers with dates of birth and addresses to file false tax returns or open lines of credit.

What Can You Do to Protect Yourself Online?

Considering the sensitive nature of the data exposed across these incidents, it is important to take the following specific steps to protect yourself:

• Consider a credit freeze or fraud alert: Contact all three major credit bureaus (Equifax, Experian, and TransUnion) to place a credit freeze, which prevents new accounts from being opened in your name. In addition, a fraud alert instructs creditors to verify your identity before opening a new credit account.
• Enroll in credit and identity monitoring: The NTBHA has offered complimentary credit monitoring and identity theft protection services to individuals whose Social Security numbers were involved. You should check your notification letter for enrollment details. Individuals affected by the other two breaches should also check their notification letters for similar offers.
• Review your Explanation of Benefits (EOB) statements: Go through all health insurance statements for treatments, prescriptions, or procedures you did not receive. Report any discrepancies to your insurer immediately.
• Enable two-factor authentication (2FA): Activate 2FA on all important accounts, especially email, banking, and any patient portal accounts connected to the affected organizations.
• Be alert for phishing: Do not click on links or download attachments in unsolicited emails or text messages, even if they appear to come from your healthcare provider. Always verify the sender's identity independently before engaging.
• Change your patient portal passwords: Update login credentials for any online healthcare portals associated with Southern Illinois Dermatology, Saint Anthony Hospital, or North Texas Behavioral Health Authority. Avoid reusing the same password across multiple accounts.
• Report suspected misuse immediately: If you believe your information is being misused, report it to the Federal Trade Commission at IdentityTheft.gov, and if you are in Texas, notify the Texas Attorney General's office. Illinois residents can file a complaint with the Illinois Attorney General.