Texas Tech University Health Sciences Center Ransomware Attack Affects 1.46 Million Patients
Texas Tech University Health Sciences Center, an academic health institution and medical school of Texas Tech University, has confirmed that a large volume of patient data was exfiltrated in a September ransomware attack involving systems shared by Texas Tech University Health Sciences Center in El Paso, Texas Tech Physicians, and UMC Health System.
Two breach reports have been submitted to the HHS’ Office for Civil Rights confirming the electronic protected health information (ePHI) of 1,465,000 patients was compromised in the attack, 650,000 of whom were patients of Texas Tech University Health Sciences Center and 815,000 were patients of its El Paso center. UMC Health previously reported the breach as affecting at least 501 individuals.
The Health Sciences Centers (HSCs) explained that the ransomware attack was detected in September 2024 when some of their computer systems and applications were disrupted. Immediate action was taken to secure its systems, and an investigation was launched to identify the cause of the disruption. The HSCs confirmed that the disruption was caused by “a cybersecurity event,” involving unauthorized access to its computer systems between September 17 and September 29, 2024.
The HSCs did not describe the incident as a ransomware attack; however, the Interlock ransomware group claimed responsibility for the attack and added Texas Tech University Health Sciences Center to its data leak site in October. The ransom was not paid, so Interlock uploaded the stolen data to its data leak site – 2.6 TB, including 2,102,989 files in 100,882 folders – remains available for download.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The HSCs explained in their substitute breach notice that the file review has been completed and individual notifications are being mailed. The data compromised in the ransomware attack includes names, addresses, dates of birth, Social Security numbers, driver’s license numbers/government-issued identification numbers, financial account information, health insurance information, diagnosis and treatment information, medical records numbers, and billing/claims data.
The HSCs are offering the affected individuals complimentary credit monitoring services. Since the stolen data is listed on a dark web data leak site, affected individuals should ensure that they take advantage of those services and closely monitor their accounts and explanation of benefits statements for signs of misuse of their information. The HSCs have taken steps to improve security to prevent similar cyberattacks and data breaches in the future, including reviewing and updating data security policies and procedures, and implementing additional data protection and intrusion monitoring measures.
A similarly sized data breach was reported by Texas Tech University Health Sciences Center in 2022. In that incident, which occurred through its electronic medical record vendor Eye Care Leaders, the ePHI of 1,290,104 patients was compromised.
