Data Breaches Reported by Southern Illinois Dermatology; Heart South Cardiovascular Group
Patient data has potentially been compromised in data incidents at Southern Illinois Dermatology and Heart South Cardiovascular Group in Alabama.
Southern Illinois Dermatology, Illinois
Southern Illinois Dermatology has notified an unspecified number of individuals about a data security incident it identified on November 28, 2025. An investigation was immediately launched to determine the nature and scope of the activity, with assistance provided by third-party cybersecurity experts. The investigation confirmed unauthorized access to parts of its network where patient data was stored, and potentially, files were copied from its network. The affected data was reviewed and found to contain personal information and protected health information, including full names, addresses, dates of birth, Social Security numbers, telephone numbers, email addresses, person numbers, and medical record numbers. The types of data involved vary from individual to individual. Notification letters started to be mailed to the affected individuals on April 2, 2026.
Southern Illinois Dermatology has taken measures to augment cybersecurity and continually evaluates and modifies its security practices. While the threat group behind the attack was not disclosed, the Insomnia threat group took responsibility for the incident and claimed to have obtained the data of more than 150,000 patients. Samples of the stolen data were uploaded to its data leak site as proof, and the group proceeded to leak the data allegedly stolen in the attack.
Update April 8, 2026: The incident appears to have been worse than the attackers claimed. The data breach has been reported to the HHS’ Office for Civil Rights as involving the protected health information of up to 160,312 individuals.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Heart South Cardiovascular Group
Heart South Cardiovascular Group, a provider of cardiac testing and preventive treatment at centers in Alabama, has notified the Maine Attorney General about a data breach affecting up to 46,666 individuals, including 3 Maine residents. The incident was detected on November 11, 2025, when an unauthorized third party claimed to have obtained sensitive data from Heart South. An investigation was launched to determine the legitimacy of the claim, and while no evidence was found to indicate an intrusion or data exfiltration, Heart South confirmed that the threat actor had posted a limited amount of Heart South data online.
A review was conducted to determine all potentially affected individuals, which was completed on February 12, 2026. As a precaution, Heart South sent notification letters to all individuals whose data was stored on the parts of its network where the posted data was stored, and the potentially affected individuals have been offered complimentary credit monitoring and identity theft protection services. The Rhysida threat group claimed responsibility for the incident.
