4,000 Patients Notified of Texas Health Resources Email Account Breach

by | Apr 17, 2018

Texas Health Resources, a group providing services to over 1.7 million patients in North Texas, is alerting ‘fewer than 4,000 patients’ that a portion of of their sensitive information may have been obtained by an unauthorized person. The data breach may have happened as early as October 2017, although it was not identified until January 17, 2018, when the health system was made aware of a breach by law enforcement. The possibly compromised data was included in email accounts that the hacker had access to for around three months.

The lateness in sending breach notification letters, which should have to been sent within 60 days of the identification of the breach under HIPAA Rules, was at the request of law enforcement. HIPAA covered bodies are allowed to delay the issuing of notifications if law enforcement feels such an act would harm an investigation. Law enforcement has only recently given the OK to start broadcasting notifications. It is unclear whether the law enforcement inquiry lead to the suspect being caught.

Texas Health Resources outlined in its substitute breach notice that the incident was part of a bigger attack that harmed multiple bodies across the United States. It is currently unclear which other healthcare groups were also targeted by the hacker and therefore the true scale of the attack.

Texas Health Resources carried out its own internal review into the breach and determined that the compromised email accounts held information such as names, dates of birth, Social Security numbers, medical record numbers, drivers’ license numbers, state ID numbers, insurance information, and clinical data. Most of the affected people had received medical services at Texas Health Resources clinics in 2017.

People whose Social Security numbers were obtained have been given complimentary identity theft and credit monitoring services for one year for free. No reports have been received to suggest any of the information has been improperly used.

Texas Health is always working on improving its security measures to keep protected health information confidential and safe and will be strengthening security monitoring to ensure any future security incidents are detected quickly.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy