Southern Illinois Dermatology this week confirmed it notified 160,312 people of a November 2025 data breach that compromised the following info:
- Names
- Social Security numbers
- Addresses
- Phone numbers
- Email addresses
- Medical record numbers
- “Person number”
The chain of clinics started notifying breach victims earlier this month of a “cybersecurity incident” in which an unauthorized party accessed patient data. The US Department of Health and Human Services this week disclosed the total number of people notified.
A cybercriminal group called Insomnia took credit for the breach on February 7, 2026. To prove its claim, Insomnia posted sample images of what it says are documents stolen from Southern Illinois Dermatology. The post on Insomnia’s data leak website says the ransomware group first notified the clinic of the hack–and presumably demanded a ransom–on November 28, 2025.
Southern Illinois Dermatology has not acknowledged Insomnia’s claim and Comparitech cannot independently verify it. We do not know how attackers breached the clinic’s network, how much Insomnia demanded, or if Southern Illinois Dermatology paid a ransom. The clinic could not be reached for comment.
“On November 28, 2025, Southern Illinois Dermatology learned certain systems within our network environment were affected by a cybersecurity incident,” says the clinic’s notice (PDF) to breach victims.
“Following a thorough forensic investigation and extensive data review, on March 4, 2026, we determined that the files that were potentially accessed and/or acquired by an unauthorized third-party contained personal information or protected health information […]”
Who is Insomnia?
Insomnia is a cybercriminal group that started claiming breaches on its data leak site in February 2026. It mainly targets US healthcare providers like Southern Illinois Dermatology. Unlike most ransomware groups, Insomnia doesn’t encrypt target systems. Instead, it focuses on stealing data and then extorting organizations by threatening to sell or release that data.
Besides Southern Illinois Dermatology, only one other organization targeted by Insomnia has confirmed one of the group’s 30 attack claims. Enviro-Hub Holdings in Singapore reported a January 2026 data breach claimed by Insomnia.
Out of Insomnia’s 30 attack claims to date, 11 hit healthcare providers and two hit healthcare manufacturers.
Ransomware attacks on US healthcare
Comparitech researchers logged 135 ransomware attacks on US hospitals, clinics, and other healthcare providers in 2025. Those attacks compromised at least 11.9 million personal and medical records.
This attack on Southern Illinois Dermatology is the 14th-largest based on number of records affected. Other such breaches include:
- Heart South Cardiovascular Group (AL) notified 46,666 people of a November 2025 data breach for which Rhysida demanded $630,000 in ransom
- Rocky Mountain Associated Physicians (UT) notified 50,640 people of an October 2025 data breach claimed by PEAR
- Windward Life Care (CA) reported a December 2025 data breach claimed by Sinobi
In 2026 so far, we’ve logged nine confirmed ransomware attacks on US healthcare providers, plus 83 unconfirmed attack claims.
About Southern Illinois Dermatology
Southern Illinois Dermatology operates 13 clinics in Anna, Carbondale, Centralia, Du Quoin, Harrisburg, Herrin, Mt. Vernon, Murphysboro, Red Bud, Salem, Steeleville, Vandalia, and West Frankfort.
