A data breach at Southern Illinois Ob-Gyn Associates has affected 38,700 individuals. Data breaches have also been reported by Wellpoint Washington – involving Independent Clinics of Washington – and Dillon Family Medicine, part of McLeod Health. Southern Illinois Ob-Gyn Associates Southern Illinois Ob-Gyn Associates has notified 38,700 current and former patients about a breach of their personal and protected health information.
The cybersecurity incident was identified on November 24, 2025, and after securing its systems, third-party cybersecurity experts were engaged to investigate and determine the nature and scope of the incident. They confirmed that its systems had been subject to unauthorized access, and on January 28, 2026, it was confirmed that there was unauthorized access to patient data.
Data compromised in the incident included names, dates of birth, Social Security numbers, demographic information, health information, and health insurance information. Southern Illinois Ob-Gyn Associates said it has implemented additional technical safeguards and has enhanced its existing security measures to prevent similar incidents in the future. Southern Illinois Ob-Gyn Associates obtained the final list of individuals to notify on April 28, 2026.
The affected individuals have been offered complimentary credit monitoring and identity theft protection services. Wellpoint Washington Wellpoint Washington, Inc. , has notified 12,020 individuals that some of their personal and protected health information was stored in an employee’s email account that was accessed by an unauthorized third party between June 24 and July 2, 2025.
During that time, emails and files may have been exfiltrated. The data breach affected Independent Clinics of Washington, a delegated provider of Elevance Health, and was detected on July 2, 2025. The incident exposed information such as names, addresses, phone numbers, email addresses, dates of birth, Social Security numbers, driver’s license numbers, health insurance ID numbers, medical information, and pharmacy information.
The affected individuals were notified directly by Wellpoint Washington Inc. Complimentary credit monitoring and identity theft protection services do not appear to have been made available. Dillon Family Medicine Dillon Family Medicine, a healthcare provider that’s part of McLeod Health and serves patients in and around Dillon, South Carolina, has identified unauthorized access to a network server containing patient information.
According to the substitute breach notice on the McLeod Health website, the unauthorized access occurred between October 17, 2026, and October 18, 2026. The breach was not detected until March 5, 2026, when a suspicious file was found on the server, which was about to be decommissioned. An investigation was launched, which determined on April 14, 2026, that there had been unauthorized access to the server.
The server contained names, dates of birth, Social Security numbers, and health information, including diagnoses, medications, test results, medical images, treatment information, and health insurance information. Additional safeguards have been implemented to prevent similar incidents in the future, and the affected server has now been fully decommissioned and is no longer in use.
The incident has yet to appear on the HHS’ Office for Civil Rights breach portal, so the number of affected individuals is currently unknown. The post Southern Illinois Ob-Gyn Associates Announces Data Breach Affecting 38,700 Individuals appeared first on The HIPAA Journal .
Originally published at hipaajournal.com
