4,000 Patients Notified of Texas Health Resources Email Account Breach

by Ryan Coyne | Apr 17, 2018

Texas Health Resources, a group providing services to over 1.7 million patients in North Texas, is alerting ‘fewer than 4,000 patients’ that a portion of of their sensitive information may have been obtained by an unauthorized person. The data breach may have happened as early as October 2017, although it was not identified until January 17, 2018, when the health system was made aware of a breach by law enforcement. The possibly compromised data was included in email accounts that the hacker had access to for around three months.

The lateness in sending breach notification letters, which should have to been sent within 60 days of the identification of the breach under HIPAA Rules, was at the request of law enforcement. HIPAA covered bodies are allowed to delay the issuing of notifications if law enforcement feels such an act would harm an investigation. Law enforcement has only recently given the OK to start broadcasting notifications. It is unclear whether the law enforcement inquiry lead to the suspect being caught.

Texas Health Resources outlined in its substitute breach notice that the incident was part of a bigger attack that harmed multiple bodies across the United States. It is currently unclear which other healthcare groups were also targeted by the hacker and therefore the true scale of the attack.

Texas Health Resources carried out its own internal review into the breach and determined that the compromised email accounts held information such as names, dates of birth, Social Security numbers, medical record numbers, drivers’ license numbers, state ID numbers, insurance information, and clinical data. Most of the affected people had received medical services at Texas Health Resources clinics in 2017.

People whose Social Security numbers were obtained have been given complimentary identity theft and credit monitoring services for one year for free. No reports have been received to suggest any of the information has been improperly used.

Texas Health is always working on improving its security measures to keep protected health information confidential and safe and will be strengthening security monitoring to ensure any future security incidents are detected quickly.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

COMPREHENSIVE HIPAA TRAINING

Used in 1000+ Healthcare Organizations and 100+ Universities

Ryan Coyne

Ryan Coyne is a results-driven leader in the healthcare compliance industry, specializing in regulatory compliance, compliance training, and assisting healthcare organizations and business associates in achieving and maintaining compliance. With a deep knowledge of healthcare regulations and a keen understanding of the challenges faced by the industry, Ryan has developed a reputation as a trusted advisor and advocate for ethical and compliant practices in healthcare. Ryan has successfully advised and guided numerous healthcare organizations, business associates, and healthcare professionals on achieving and maintaining compliance with regulatory training requirements. Ryan's professional focus is using his in-depth expertise and leading a world class team of subject matter experts at ComplianceJunction in regulatory compliance to help organisations navigate the complex landscape of ensuring staff adhere to healthcare regulations. You can connect with Ryan via LinkedIn and follow on Twitter