DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

TX: Emergence Health Network notifies 11,100 mental health patients of possible PHI breach

Posted on October 26, 2015 by Dissent

First, their press release:

(El Paso, Texas October 16, 2015) Emergence Health Network (EHN) is in the process of contacting individuals regarding an unauthorized disclosure of protected health information.

An EHN computer server was compromised in August through an unauthorized internet connection. The affected computer server was disabled to minimize a compromise.

It is not apparent that any medical information was disclosed based upon a third-party audit of the computer server and EHN does not have any proof that information such as social security number, date of birth, home address, was accessed or otherwise misused. However, in an abundance of caution EHN will notify, via written notification, the affected individuals; if they choose, can take necessary precautions regarding protection of their personal information such as contacting the credit agencies.

EHN has also already taken appropriate steps to avoid the threat of future data security compromises and is cooperating with officials in minimizing the potential effects of this incident.

To answer any questions or address any concerns, those individuals who receive the notification letter are encouraged to contact EHN at the following toll-free number or email address.

Toll Free phone number: 844-637-6466
Email: [email protected]

That doesn’t sound too bad, right? Except it turns out that the breach may have begun in 2012. From their notification letter of October 8:

We are sending you this letter to let you know that your protected health information may have been shared or seen without approval from you or Emergence Health Network (EHN). EHN is the local mental health authority for El Paso County and has previously been known as El Paso MHMR and Life Management Center. This letter is to let you know EHN is taking steps to correct the situation that caused your information to be exposed and to protect your information in the future.

What happened: EHN maintains personal information about you on several electronic computer servers which are connected to the internet. EHN is required to keep this information on computer servers in order to provide services to you. EHN became aware of strange activity on one of our computer servers on August 18, 2015. Someone, without permission from EHN, accessed the computer server through an internet connection. Because of the internet, the person or persons could have accessed this computer server from any location. A computer specialist inspected the computer server and found out that the first unapproved access of the server may have happened back in 2012. The information which was kept on the server included your first and last name, address, date of birth, social security number, case number, and information indicating that you accessed services from Life Management Center/ El Paso MHMR/Emergence Health Network. We are confident that no medical records were contained within the server.

What EHN is doing: EHN quickly disconnected the computer server from the internet when the suspicious activity was discovered. EHN is taking steps to keep this from happening again by using more secure methods for transmitting, maintaining, and safeguarding your protected health information. EHN is cooperating with state and federal agencies to report this breach.

The letter does not indicate how far back their stored patient data goes and whether it includes inactive patients, although it seems likely from the situation described.

The incident was reported to HHS on October 16th as impacting 11,100 patients.

Category: Government SectorHackHealth DataOf Note

Post navigation

← UK: Experian rules out GOV.UK Verify changes after T-mobile data breach
Hacking cars in the style of Stuxnet →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • The US Grid Attack Looming on the Horizon
  • US govt login portal could be one cyberattack away from collapse, say auditors
  • Two Men Sentenced to Prison for Aggravated Identity Theft and Computer Hacking Crimes
  • 100,000 UK taxpayer accounts hit in £47m phishing attack on HMRC
  • CISA Alert: Updated Guidance on Play Ransomware
  • Almost one year later, U.S. Dermatology Partners is still not being very transparent about their 2024 breach
  • Oklahoma Expands its Security Breach Notification Law
  • Ransomware group Gunra claims to have exfiltrated 450 million patient records from American Hospital Dubai.
  • North Shore University Sleep Disorders Center employee charged with secretly recording patients in restrooms
  • When ransomware listings create confusion as to who the victim was

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant
  • US State Dept. says silence or anonymity on social media is suspicious
  • Florida ban on kids using social media likely unconstitutional, judge rules
  • State Data Minimization Laws Spark Compliance Uncertainty

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.