Patient data has potentially been compromised in data incidents at Southern Illinois Dermatology and Heart South Cardiovascular Group in Alabama.

Southern Illinois Dermatology, Illinois

Southern Illinois Dermatology has notified an unspecified number of individuals about a data security incident it identified on November 28, 2025. An investigation was immediately launched to determine the nature and scope of the activity, with assistance provided by third-party cybersecurity experts. The investigation confirmed unauthorized access to parts of its network where patient data was stored, and potentially, files were copied from its network. The affected data was reviewed and found to contain personal information and protected health information, including full names, addresses, dates of birth, Social Security numbers, telephone numbers, email addresses, person numbers, and medical record numbers. The types of data involved vary from individual to individual. Notification letters started to be mailed to the affected individuals on April 2, 2026.

Southern Illinois Dermatology has taken measures to augment cybersecurity and continually evaluates and modifies its security practices. While the threat group behind the attack was not disclosed, the Insomnia threat group took responsibility for the incident and claimed to have obtained the data of more than 150,000 patients. Samples of the stolen data were uploaded to its data leak site as proof, and the group proceeded to leak the data allegedly stolen in the attack.

Heart South Cardiovascular Group

Heart South Cardiovascular Group, a provider of cardiac testing and preventive treatment at centers in Alabama, has notified the Maine Attorney General about a data breach affecting up to 46,666 individuals, including 3 Maine residents. The incident was detected on November 11, 2025, when an unauthorized third party claimed to have obtained sensitive data from Heart South. An investigation was launched to determine the legitimacy of the claim, and while no evidence was found to indicate an intrusion or data exfiltration, Heart South confirmed that the threat actor had posted a limited amount of Heart South data online.

A review was conducted to determine all potentially affected individuals, which was completed on February 12, 2026. As a precaution, Heart South sent notification letters to all individuals whose data was stored on the parts of its network where the posted data was stored, and the potentially affected individuals have been offered complimentary credit monitoring and identity theft protection services. The Rhysida threat group claimed responsibility for the incident.

The post Data Breaches Reported by Southern Illinois Dermatology; Heart South Cardiovascular Group appeared first on The HIPAA Journal.

Signature Healthcare’s Brockton Hospital in Massachusetts is grappling with a cyberattack and has implemented its downtime procedures while the incident is investigated. Some procedures have been temporarily cancelled, and the electronic medical record system and patient portal have been taken offline.

Signature Healthcare treats around 70,000 patients a year in Southeastern Massachusetts at its 216-bed Brockton Hospital, and the 15 care locations served by Signature Medical Group. The cybersecurity incident was detected on April 6, 2026, which impacted its information systems. The emergency room was placed on divert, with ambulances sent to alternate facilities due to the inability to access key information technology systems, although emergency services continued to be provided to walk-ins.

While the hospital continued to provide inpatient services and surgeries were proceeding without interruption, patients faced delays and some services were postponed, including chemotherapy infusions at the Greene Cancer Center, which were cancelled on April 7. Signature Healthcare partially closed its Brockton and East Bridgewater pharmacies, with consultations still taking place but prescriptions unable to be filled.

Signature Healthcare issued a statement confirming that surgeries and procedures were continuing, that its ambulatory physician practices and urgent care facilities remained open. Without access to certain information systems, alternative methods of documentation were being used, and there were naturally some delays to patient care as a result.

Signature Healthcare said it is working with third-party cybersecurity specialists and federal officials to investigate the incident, determine the nature and scope of the unauthorized activity, and identify the source of the intrusion.  “Our care teams continue to provide high-quality care using established downtime procedures. We remain committed to serving our community throughout this process,” Kim Walsh, Signature Healthcare’s chief operating officer, said.

The priority is ensuring high-quality care continues to be provided to patients while the incident is investigated. Systems will be brought back online when it is safe to do so, and as the investigation progresses, it will become clear to what extent, if any, patient data has been compromised. At present, no threat actor appears to have claimed responsibility for the incident.

The post Ambulances Diverted from Brockton Hospital While Signature Healthcare Deals with Cyberattack appeared first on The HIPAA Journal.