Insight Hospital and Medical Center Data Breach Exposes PHI and PII

Insight Hospital and Medical Center, a nonprofit teaching and community hospital, experienced a data breach that has raised concerns for patients and staff. In September 2025, the hospital discovered unusual activity within its network, prompting an immediate investigation.

Cybersecurity experts were brought in to assess the situation, and it was determined that an unauthorized individual accessed the hospital’s network between Aug. 22, 2025, and Sept. 11, 2025. During this period, files and data stored within the network were compromised.

Both personally identifiable information (PII) and protected health information (PHI) were exposed including names, Social Security numbers, dates of birth, driver’s license numbers, passport numbers, financial account information, and treatment-related information such as health insurance details.

The hospital is conducting a thorough review to identify all individuals whose information may have been involved. Additionally, Insight has posted a notice of the incident on its website.

Adding to the gravity of the situation, the ransomware group LOCKBIT 5.0 claimed responsibility for the attack. On Dec. 5, 2025, the group posted on the dark web, stating they had obtained 200 GB of the hospital’s data and threatened to publish it within two weeks.

Insight Hospital and Medical Center's response

The hospital is continuing to review its systems to determine the full scope of the breach and is notifying all affected individuals as soon as their information is identified.

Given the sensitive nature of the data involved, the hospital has advised individuals to remain vigilant by monitoring their account statements and credit reports for any suspicious activity. They recommend promptly notifying financial institutions and law enforcement if any fraudulent activity is detected.

The hospital also provided detailed guidance on obtaining free credit reports, placing fraud alerts, and initiating security freezes with major credit bureaus to help prevent identity theft.

Additional resources are available through the Federal Trade Commission (FTC) and state attorneys general for those seeking further information about protecting themselves from identity theft.