"An investigation subsequently determined that an unauthorized individual accessed the network between August 22, 2025 and September 11, 2025. The following types of information could be involved: name, Social Security number, date of birth, driver's license number, passport number, financial account information, and treatment-related information, including health insurance information."
"On February 24, the group calling itself Termite added Insight to its dark web leak site, claiming they had acquired 360 GB (about 900,000 files) of 'confidential data.' But Termite didn't just publish some proof of claims and limited data. They leaked all of the data in a multi-part tranche that includes numerous .jpeg and .dcm files."
"Even though identity information and protected health information may have been accessed, Insight's substitute notice made no mention of offering affected individuals any free mitigation services. Mitigation services may be in order, however, and sooner rather than later."
Insight Hospital and Medical Center in Chicago discovered unauthorized network access occurring between August 22 and September 11, 2025. The breach potentially exposed names, Social Security numbers, dates of birth, driver's license numbers, passport numbers, financial account information, and treatment-related health data. As of January 26, 2026, Insight had not notified affected individuals, stating notification would occur upon completion of its review. Notably, no free mitigation services were offered in the substitute notice. On February 24, 2026, a threat actor group called Termite published the entire dataset—approximately 360 GB containing 900,000 files—on a dark web leak site, including image and medical imaging files.
#healthcare-data-breach #protected-health-information-exposure #dark-web-leak #identity-theft-risk #incident-response
Read at DataBreaches.Net
Unable to calculate read time
Collection
[
|
...
]