Texas Tech University Health Sciences Center says 2024 breach impacted 813,892 patients

Texas Tech University Health Sciences Center has announced in a data breach notice filed with multiple state Attorney Generals in the US that a major data breach incident in 2024 impacted close to 900,000 individuals.

 

The data breach involved the Interlock ransomware group targeting the medical university’s computer systems between September 17 and September 29, 2024, and exfiltrating vast amounts of data records that contained patients’ protected personal, healthcare and financial information.

 

The breach incident came to light in December 2024 when the university notified the HHS’ Office for Civil Rights that the ransomware incident compromised protected health information of approximately 1,465,000 patients.

 

The security incident affected 650,000 patients under the care of Texas Tech University Health Sciences Center and another 815,000 patients under the care of Texas Tech University Health Sciences Center El Paso.

 

The hackers reportedly targeted computer systems shared by the two medical universities as well as UMC Health System, resulting in the large-scale data breach. Texas Tech University Health Sciences Center El Paso was raised in 1969 as a branch campus of TTUHSC but separated in 2013 as a standalone public medical school.

 

Texas Tech University Health Sciences Center, which serves more than 100 counties in the western portion of Texas, recently announced in a breach incident notification with the California Attorney General that the 2024 cyber security incident impacted 813,892 patients, up from 650,000 reported earlier.

 

The medical university said in recently-issued letters to affected patients that its investigation into the cyber security incident had concluded recently and it was able to determine the nature of data records that were compromised during the ransomware attack.

 

The compromised records included patients’ names, dates of birth, addresses, Social Security numbers, driver’s licence numbers, government-issued identification numbers, bank account information, health insurance information and medical information such as medical record numbers, diagnosis, billing data and treatment information.

 

"The confidentiality, privacy, and security of information in our care is among our highest priorities. We are reviewing existing security policies and procedures as part of the investigation and are implementing additional safeguards to enhance system protection and monitoring," the university said.

 

Texas Tech University Health Sciences Center is providing complimentary credit monitoring and identity restoration assistance services through IDX to all affected patients for up to 24 months and is advising them to stay alert against fraudulent activities involving their data.

 

"We encourage you to remain vigilant against incidents of identity theft and fraud, to review account statements and monitor your credit reports, as well as health care and health insurance billing statements, for suspicious activity and to detect errors," it said.