Over 535,000 Individuals Affected by Ransomware Attack on Texas ENT Specialists

Texas Ear, Nose & Throat Specialists P.A. (Texas ENT Specialists) has recently announced it was the victim of a cyberattack that was detected on October 19, 2021.

When the attack was detected, prompt action was taken to prevent further unauthorized system access and a third-party cybersecurity firm was engaged to investigate and determine the nature and extent of the attack. The forensic investigation revealed the attackers first gained access to its systems on August 9, 2021, and between then and August 15, files were copied and exfiltrated from its systems.

A review of those files confirmed they contained the protected health information (PHI) of 535,489 patients, including names, dates of birth, medical record numbers, and procedure codes. A subset of individuals also had their Social Security numbers stolen; however, its electronic medical record system was unaffected.

Texas ENT Specialists mailed notification letters to affected individuals on December 10, 2021. Patients who had their Social Security number stolen have been offered complimentary membership to Experian’s identity theft monitoring service.

Texas ENT Specialists said has strengthened its privacy and information security program and has implemented additional technical security measures to better protect and monitor its systems.

Virginia Department of Behavioral Health and Developmental Services Suffers Second Funding Portal Breach

The Virginia Department of Behavioral Health and Developmental Services (DBHDS) is notifying 4,037 individuals who applied for Individual and Family Support Program (IFSP) funding that some of their protected health information may have been impermissibly disclosed. The breach affected its IFSP Funding Portal and occurred on October 7, 2021. The breach was detected within minutes and the portal was immediately taken offline to prevent further unauthorized data access.

In 2019, DBHDS experienced a breach of its IFSP funding portal that exposed the data of 1,442 individuals. In the 17 months that followed, the internal team and the Virginia Information Technology Agency (VITA) investigated the attack and attempted to simulate and solve the issue. Extensive testing of the Portal was performed, and it was determined the Portal was clear to operate again. The latest breach appears to be similar to the 2019 incident and may also have allowed information to be viewed by other applicants.

DBHDS said it will not attempt to repair the Portal again, and an alternative solution will be found for future IFSP application processes. Individuals who had their application information exposed to other individuals will be able to sign up for free credit monitoring services for 2 years.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.