Texas Tech University Health Sciences Center and Baptist Health Report Data Breach

Texas Tech University Health Sciences Center has announced the compromise of the protected health information (PHI) of 1,290,104 patients due to a data breach that occurred at Eye Care Leaders, its electronic medical record provider.

Eye Care Leaders stated it discovered a breach last December 4, 2021, and deactivated the impacted systems in 24 hours. Texas Tech University Health Sciences Center stated it obtained the findings of the forensic investigation last April 19, 2022. The compromised data comprised these data elements: name, telephone numbers, address, driver’s license number, email, birth date, sexuality, medical record number, medical insurance data, appointment details, Social Security number, and medical data associated with ophthalmology services. There was no instance of data extraction found.

In the last couple of weeks, there had been more eye care providers identified to have been impacted by the data breach at Eye Care Leaders. A minimum of 20 eye care providers have reported that they were impacted. At least 1.9 million patients’ PHI had been identified to have been exposed.

Baptist Health Reports Potential Exposure of Patient Data in Cyberattack

Baptist Health recently began informing patients regarding a cyberattack that was identified on April 20, 2022. The cyberattack may have involved the downloading of malicious code on its system. Based on the report, an unauthorized person got access to selected Baptist Health systems from March 31 to April 24, 2022. In that period of access, certain information was extracted from its networks.

Upon detection of the breach, user access was revoked; the impacted systems were taken off the web to stop continued unauthorized access, and cybersecurity defense methods were executed. The areas of the system that were compromised contained the information of patients of Baptist Medical Center located in San Antonio and Resolute Health Hospital based in New Braunfels in Texas. The compromised data contained names, addresses,
birth dates, Social Security numbers, medical insurance details, medical record numbers, physician and facility names, chief issue/motive for a visit, dates of service, visit processes and diagnosis data, and billing and claims details.

Baptist Health pointed out it is boosting its security and monitoring functions to lessen the risk of continuing data breaches. Impacted people have already been informed and persons whose Social Security numbers were possibly exposed were provided no-cost credit monitoring and identity protection services.

The breach is not yet published on the HHS’ Office for Civil Rights webpage, therefore the number of persons affected is not clear at the moment.

About Christine Garcia 1299 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA