On April 12, 2018, Texas Health Physicians Group submitted a HIPAA Email Breach to the U.S. Department of Health and Human Services (HHS).
Based in Arlington, Texas, Texas Health Physicians Group’s email breach affected 3808 individuals’ protected health information.
Texas Health Physicians Group is classified as a Healthcare Provider.
According to Texas Health Physicians Group’s press release:
Texas Health Resources is committed to protecting the security and confidentiality of our patients’ information. Regrettably, this notice is about an incident involving some of that information.
On January 17, 2018, law enforcement advised us that an unauthorized third party may have gained access to some Texas Health email accounts in October 2017. Law enforcement indicated this was part of a larger incident affecting multiple entities across the country and did not just affect Texas Health entities and patients. They asked that we refrain from contacting our patients, so as not to impede the law enforcement investigation.
We respected law enforcement’s request and began our own internal investigation, including hiring a leading forensic firm to assist us.
The investigation determined that some patients’ information may have been in the affected email accounts, and may have included patients’ names, medical record numbers, dates of birth, addresses, insurance information, clinical information, and in some instances Social Security numbers and driver’s license and state identification numbers. Law enforcement has now indicated we could notify our patients regarding this incident.
This incident affected certain Texas Health patients that received care and treatment primarily in 2017. It did not affect all Texas Health patients.
We have no indication that any information has been misused in any way. However, in an abundance of caution, we mailed letters to affected patients on April 13, 2018, and established a dedicated call center to answer any questions they may have. For those patients whose Social Security numbers were included, we are offering one year of free credit monitoring. We recommend affected patients review any statements they receive from their health insurer. If patients see charges for services they did not receive, please contact the insurer immediately. If you believe you are affected and have not received a letter by May 1, 2018, please call 855-331-3705, Monday through Friday, between 8 a.m. and 8 p.m. Central Time.
We deeply regret any inconvenience or concern this may cause our patients. To help prevent something like this from happening in the future, Texas Health is continuously working to implement safeguards and enhance information security monitoring.
HHS Wall of Shame
The HHS Wall of Shame is a website under the jurisdiction of HHS that lists all HIPAA breaches reported within the last 24 months. The Wall of Shame displays breaches that are currently under investigation by the Office for Civil Rights.
As part of section 13402(e)(4) of the HITECH Act, the HHS Secretary must post a list of breaches of unsecured protected health information affecting 500 or more individuals.
HIPAA Breach Report
The Paubox HIPAA Breach Report analyzes breaches that affected 500 or more individuals as reported in the HHS Wall of Shame.