Texas Medical Center Leaks Patient Information Following Data Breach
Table of Contents
- By Steven
- Published: Nov 03, 2023
- Last Updated: Nov 06, 2023
In South Texas, United Medical Centers (UMC) offer reliable, high-quality healthcare services. They host nine locations in the region, servicing patients from the surrounding communities; their services include options for family planning, WIC, and a broad selection of care to assist chronic illnesses. The clinics provide care to more than 34,184 patients in the area, where many use public insurance to receive services. Following a network disturbance, officials found an unauthorized party within their systems, putting all patient records at risk for misuse.
How Did the Attack Occur?
UMC’s notice of breach indicates little about the attack or how the threat actors made it possible. The breach purportedly disrupted services and halted the operations of some of their IT systems. Following the attack, they noticed suspicious activity within their systems and immediately deferred to cybersecurity professionals. The notice states that the bad actor “accessed or removed files from [their] systems.” This statement indicates the unauthorized party accessed a significant amount of data. For these reasons, patients receiving services from UMC should seriously consider protective steps to guard themselves and their families.
What Information Was Viewed or Stolen?
The notice of data breach offers some of the information categories possibly impacted by the unauthorized actor. These categories may appear in various combinations, and the threat may not have accessed all the details. The accessed files may have contained full names, dates of birth, Social Security Numbers (SSNs), health insurance information, and personal health data. Additionally, it is not clear if the attack included all patients or a partial number; the Texas Attorney General’s Office filing suggests at least 1,200 Texans may feel the impact, but many more may, as well.
How Did United Medical Centers Admit to the Breach?
There is no information about the attack before the service disruption. The official notice started the event timeline around July 26th, 2023, when they learned of unauthorized activity in the system. They immediately started an investigation, which concluded on September 2nd. The investigation results included a list of impacted patients, and on October 27th, they began mailing notification letters. Their Texas breach filing appeared on October 30th.
What Will Become of the Stolen Information?
The notice states nothing about the attackers or their goals, but past data breaches may provide insight. If the assailants are part of a ransomware gang, they may leverage the data against UMC for profit. If they are salesmen, they could sell the accounts online for up to $20 a record. If they are opportunistic criminals, the stolen information could allow them to commit financial, identity, or medical fraud successfully. No matter how the assailants plan to use the data, you can get ahead by taking proactive measures.
What Should Affected Parties Do in the Aftermath of the Breach?
Depending on the speed of the mail, consumers may receive their notices within one to two weeks. Don’t wait to receive a notice before considering proactive measures; all patients of UMC should take precautions to guard their information from exposure. Hire professional identity and financial monitoring services to guard your data from future misuse.
