Iroquois Memorial Hospital Data Breach Exposes Patient Records

Iroquois Memorial Hospital, a community acute care hospital and health system based in Watseka, Illinois, recently experienced a data breach that has affected hundreds of individuals.

On Jan. 9, 2026, the incident was disclosed to the U.S. Department of Health and Human Services.

The breach was the result of a ransomware attack carried out by the PEAR group, who posted about the incident on a dark web forum on Dec. 11, 2025. According to the group’s claims, they obtained sensitive data belonging to the hospital.

The breach was classified as a ransomware incident, meaning cybercriminals infiltrated the hospital’s network and encrypted or exfiltrated data, demanding a ransom for its return or non-disclosure. The attack was made public on the Tor network, a part of the dark web often used for illicit activities.

The precise data types affected have not been detailed in the public disclosures, but ransomware attacks on healthcare providers often target both PII and PHI due to their high value on illicit markets.

Information exposed in this breach may include personally identifiable information (PII) such as names, addresses, dates of birth and possibly Social Security numbers, as well as protected health information (PHI) like medical records, diagnoses, treatment information and insurance details.

Iroquois Memorial Hospital's response

In response to the ransomware attack, Iroquois Memorial Hospital has notified federal authorities and is cooperating with the investigation. The hospital is taking steps to secure its systems and prevent further unauthorized access.

Individuals whose data may have been compromised are being notified in accordance with federal regulations.

Given the severity of the breach and the involvement of ransomware actors, affected individuals should take several precautionary measures:

• Monitor credit reports and financial statements for signs of identity theft or fraud
• Be alert for phishing emails or suspicious phone calls that may reference the hospital or recent medical care
• Consider placing a fraud alert or credit freeze with major credit bureaus
• Review any correspondence from the hospital for instructions on enrolling in credit monitoring or identity theft protection services, if offered

If any suspicious activity is detected, it is advisable to report it immediately to the appropriate financial institution or credit bureau.