4,000 Patients Alerted of Texas Health Resources Email Account Breach

April 19, 2018

 

Texas Health Resources, a group providing facilities to more than 1.7 million patients in North Texas, is warning ‘fewer than 4,000 patients’ that a part of their confidential information might have been gotten by an illegal person. The data breach might have occurred as early as October 2017, even though it was not known until January 17, 2018, when the health system was made aware of a breach by police. The probably undermined data was included in electronic mail accounts that the hacker had access to for about three months.

The delay in sending breach notice letters, which should have been sent within 60 days of the detection of the breach as per HIPAA Laws, was at the request of police. HIPAA protected organizations are permitted to delay the issuing of notices if police feel such an act would harm an inquiry. Police have only lately given the OK to begin broadcasting notices. It is unclear whether the police investigation results in the accused being captured.

Texas Health Resources summarized in its substitute breach notification that the occurrence was part of a larger attack that harmed many organizations across the United States. It is presently not clear which other healthcare companies were also targeted by the hacker and therefore the actual level of the attack.

Texas Health Resources carried out its own internal evaluation into the breach and decided that the undermined electronic mail accounts held information like names, insurance information, state ID numbers, drivers’ license numbers, medical record numbers, Social Security numbers, dates of birth, and clinical data. Most of the impacted people had received medical facilities at Texas Health Resources clinics in 2017.

People whose Social Security numbers were gotten have been provided free identity theft and credit checking facilities for one year. No reports have been received to indicate any of the information has been wrongly used.

Texas Health is always working on improving its safety measures to keep PHI private and safe and will be strengthening safety checking to make sure any future safety occurrences are identified swiftly.