Data breach at Denton County MHMR Center Exposes Personal Information of over 105,000 people

Denton County MHMR Center reported that a data security incident in December 2024 exposed sensitive personal information belonging to more than 105,000 individuals.

 

Denton County MHMR Center is a nonprofit community organisation serving Denton County, Texas, that acts as the local authority for mental health and intellectual and developmental disability (IDD) services, providing treatment, crisis intervention, case management, and rehabilitative support for children, adults, and seniors.

 

In a data security incident notice published on its website, Denton County MHMR Center said that on December 24, 2024, it identified unusual activity within its internal network. The healthcare provider immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

The investigation determined that certain information stored on our network was accessed by an unauthorised party for a limited time between December 24, 2024, and December 25, 2024,” Denton County MHMR Center said.

 

On October 10, the investigation determined that the compromised data included patient names, addresses, patients’ identification numbers, dates of birth, diagnosis, medical history information, medical record numbers, medical treatment information, lab information, treating doctor’s name, medication information, vaccination information, medical insurance information, and biometric identifiers.

 

In a filing with the U.S. Department of Health and Human Services Office for Civil Rights, the healthcare provider said that it has identified at least 108,967 individuals impacted by the incident.

 

“In response to this incident, we partnered with third-party specialists to implement additional security measures within our network and reviewed our policies and procedures related to data protection,” the healthcare provider added.

 

While Denton County MHMR Center found no evidence of the compromise data being misused, it has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and the state attorney general. 

 

It has also offered complimentary identity protection and credit monitoring services to all affected individuals.

 

At the time of publishing, no known hacker group claimed responsibility for the cyber attack on Denton County MHMR Center. The healthcare provider also did not share details on who was behind the attack, how much data was compromised, or whether it had received a ransom demand.