Insight Hospital and Medical Center Announces Cyberattack & Data Breach
Insight Hospital and Medical Center Announces Cyberattack & Data Breach
Posted By Steve Alder on Mar 3, 2026
Data breaches have been announced by Insight Hospital and Medical Center in Chicago and Community Health Action of Staten Island. BlueCross BlueShield of Tennessee has confirmed it was one of the healthcare organizations affected by the Conduent Business Services data breach.
Insight Hospital and Medical Center
Insight Hospital and Medical Center in Chicago has announced a data security incident that was first identified in September 2025. Unusual activity was identified within its IT environment, and the forensic investigation confirmed unauthorized access to its network between August 22, 2025, and September 11, 2025.
The data review is ongoing to determine the individuals affected and the data involved; however, the likely information compromised in the incident may include names, dates of birth, Social Security numbers, passport numbers, financial account information, treatment-related information, and health insurance information. Notification letters will be mailed to the affected individuals when the data review is completed.
Two threat groups have claimed attacks on Insight Hospital and Medical Center. The LockBit5 group added the Chicago hospital and medical center to its data leak site on December 4, 2025, along with data allegedly stolen in the attack. LockBit claimed to have stolen “almost 200 gigabytes of medical secrets.” More recently, a group called Termite added Insight Hospital and Medical Center to its data leak site. Termite claims to have exfiltrated 360 GB of data in the attack and leaked the stolen data in late February 2026.
Community Health Action of Staten Island
Community Health Action of Staten Island, the operator of programs and social services for vulnerable individuals in Staten Island, New York, has notified certain individuals about a recent data security incident that may have involved unauthorized access and/or the theft of sensitive data.
The breach notice provided to the Massachusetts Attorney General on February 25, 2026, provides limited information about the incident, only confirming that names, Social Security numbers, driver’s license numbers/non-driver identification card numbers, bank account and routing numbers, medical information, and/or health insurance information were potentially impacted. The affected individuals have been offered complimentary credit monitoring and identity theft protection services for two years.
The nature of the incident was not disclosed in the letters, but this appears to have been a ransomware attack by the Genesis ransomware group, which added Community Health Action of Staten Island to its dark web data leak site. Genesis claims to have exfiltrated around 200,000 records containing sensitive personal and medical data, including approximately 60,000 records from HIV-tested patient databases, HIPAA-covered data, and employee information.
The incident has yet to appear on the HHS’ Office for Civil Rights breach portal, and Community Health Action of Staten Island has not confirmed how many individuals have been affected. The notice to the Massachusetts Attorney General only states that 2 state residents have been affected.
BlueCross BlueShield of Tennessee
BlueCross BlueShield of Tennessee has confirmed that some of its members have been affected by the data breach at business associate Conduent Business Services. The Conduent data breach is one of the largest healthcare data breaches ever discovered, with current figures indicating that more than 25 million individuals across the United States have been affected. A ransomware group gained access to its network on October 21, 2024, maintained access until January 13, 2025, exfiltrated data, and encrypted files.
Data compromised in the incident included name, Social Security number, medical information, and health insurance information. You can read more about the data breach in this post. BlueCross BlueShield of Tennessee reported the breach to the HHS’ Office for Civil Rights as affecting 1,670 members.
Posted By Steve Alder on Mar 3, 2026
Data breaches have been announced by Insight Hospital and Medical Center in Chicago and Community Health Action of Staten Island. BlueCross BlueShield of Tennessee has confirmed it was one of the healthcare organizations affected by the Conduent Business Services data breach.
Insight Hospital and Medical Center
Insight Hospital and Medical Center in Chicago has announced a data security incident that was first identified in September 2025. Unusual activity was identified within its IT environment, and the forensic investigation confirmed unauthorized access to its network between August 22, 2025, and September 11, 2025.
The data review is ongoing to determine the individuals affected and the data involved; however, the likely information compromised in the incident may include names, dates of birth, Social Security numbers, passport numbers, financial account information, treatment-related information, and health insurance information. Notification letters will be mailed to the affected individuals when the data review is completed.
Two threat groups have claimed attacks on Insight Hospital and Medical Center. The LockBit5 group added the Chicago hospital and medical center to its data leak site on December 4, 2025, along with data allegedly stolen in the attack. LockBit claimed to have stolen “almost 200 gigabytes of medical secrets.” More recently, a group called Termite added Insight Hospital and Medical Center to its data leak site. Termite claims to have exfiltrated 360 GB of data in the attack and leaked the stolen data in late February 2026.
Community Health Action of Staten Island
Community Health Action of Staten Island, the operator of programs and social services for vulnerable individuals in Staten Island, New York, has notified certain individuals about a recent data security incident that may have involved unauthorized access and/or the theft of sensitive data.
The breach notice provided to the Massachusetts Attorney General on February 25, 2026, provides limited information about the incident, only confirming that names, Social Security numbers, driver’s license numbers/non-driver identification card numbers, bank account and routing numbers, medical information, and/or health insurance information were potentially impacted. The affected individuals have been offered complimentary credit monitoring and identity theft protection services for two years.
The nature of the incident was not disclosed in the letters, but this appears to have been a ransomware attack by the Genesis ransomware group, which added Community Health Action of Staten Island to its dark web data leak site. Genesis claims to have exfiltrated around 200,000 records containing sensitive personal and medical data, including approximately 60,000 records from HIV-tested patient databases, HIPAA-covered data, and employee information.
The incident has yet to appear on the HHS’ Office for Civil Rights breach portal, and Community Health Action of Staten Island has not confirmed how many individuals have been affected. The notice to the Massachusetts Attorney General only states that 2 state residents have been affected.
BlueCross BlueShield of Tennessee
BlueCross BlueShield of Tennessee has confirmed that some of its members have been affected by the data breach at business associate Conduent Business Services. The Conduent data breach is one of the largest healthcare data breaches ever discovered, with current figures indicating that more than 25 million individuals across the United States have been affected. A ransomware group gained access to its network on October 21, 2024, maintained access until January 13, 2025, exfiltrated data, and encrypted files.
Data compromised in the incident included name, Social Security number, medical information, and health insurance information. You can read more about the data breach in this post. BlueCross BlueShield of Tennessee reported the breach to the HHS’ Office for Civil Rights as affecting 1,670 members.
