DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

TX: Emergence Health Network notifies 11,100 mental health patients of possible PHI breach

Posted on October 26, 2015 by Dissent

First, their press release:

(El Paso, Texas October 16, 2015) Emergence Health Network (EHN) is in the process of contacting individuals regarding an unauthorized disclosure of protected health information.

An EHN computer server was compromised in August through an unauthorized internet connection. The affected computer server was disabled to minimize a compromise.

It is not apparent that any medical information was disclosed based upon a third-party audit of the computer server and EHN does not have any proof that information such as social security number, date of birth, home address, was accessed or otherwise misused. However, in an abundance of caution EHN will notify, via written notification, the affected individuals; if they choose, can take necessary precautions regarding protection of their personal information such as contacting the credit agencies.

EHN has also already taken appropriate steps to avoid the threat of future data security compromises and is cooperating with officials in minimizing the potential effects of this incident.

To answer any questions or address any concerns, those individuals who receive the notification letter are encouraged to contact EHN at the following toll-free number or email address.

Toll Free phone number: 844-637-6466
Email: [email protected]

That doesn’t sound too bad, right? Except it turns out that the breach may have begun in 2012. From their notification letter of October 8:

We are sending you this letter to let you know that your protected health information may have been shared or seen without approval from you or Emergence Health Network (EHN). EHN is the local mental health authority for El Paso County and has previously been known as El Paso MHMR and Life Management Center. This letter is to let you know EHN is taking steps to correct the situation that caused your information to be exposed and to protect your information in the future.

What happened: EHN maintains personal information about you on several electronic computer servers which are connected to the internet. EHN is required to keep this information on computer servers in order to provide services to you. EHN became aware of strange activity on one of our computer servers on August 18, 2015. Someone, without permission from EHN, accessed the computer server through an internet connection. Because of the internet, the person or persons could have accessed this computer server from any location. A computer specialist inspected the computer server and found out that the first unapproved access of the server may have happened back in 2012. The information which was kept on the server included your first and last name, address, date of birth, social security number, case number, and information indicating that you accessed services from Life Management Center/ El Paso MHMR/Emergence Health Network. We are confident that no medical records were contained within the server.

What EHN is doing: EHN quickly disconnected the computer server from the internet when the suspicious activity was discovered. EHN is taking steps to keep this from happening again by using more secure methods for transmitting, maintaining, and safeguarding your protected health information. EHN is cooperating with state and federal agencies to report this breach.

The letter does not indicate how far back their stored patient data goes and whether it includes inactive patients, although it seems likely from the situation described.

The incident was reported to HHS on October 16th as impacting 11,100 patients.


Related:

  • Qantas obtains injunction to prevent hacked data’s release
  • Ransomware attack disrupts Korea's largest guarantee insurer
  • Theft from Glasgow’s Queen Elizabeth University Hospital sparks probe
  • Global operation targets NoName057(16) pro-Russian cybercrime network in Operation Eastwood
  • More than 100 British government personnel exposed by Ministry of Defence data leak
  • New TeleMessage SGNL Flaw Is Actively Being Exploited by Attackers
Category: Government SectorHackHealth DataOf Note

Post navigation

← UK: Experian rules out GOV.UK Verify changes after T-mobile data breach
Hacking cars in the style of Stuxnet →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Missouri Adopts New Data Breach Notice Law
  • Qantas obtains injunction to prevent hacked data’s release
  • Ransomware attack disrupts Korea’s largest guarantee insurer
  • Theft from Glasgow’s Queen Elizabeth University Hospital sparks probe
  • Global operation targets NoName057(16) pro-Russian cybercrime network in Operation Eastwood
  • More than 100 British government personnel exposed by Ministry of Defence data leak
  • New TeleMessage SGNL Flaw Is Actively Being Exploited by Attackers
  • North Country Healthcare responds to Stormous’s claims of a breach
  • Gladney Adoption Center had serious data exposures in the past few months. What will they do to prevent more?
  • Former U.S. Soldier Pleads Guilty to Hacking and Extortion Scheme Involving Telecommunications Companies

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Meta investors, Zuckerberg reach settlement to end $8 billion trial over Facebook privacy violations
  • ICE is gaining access to trove of Medicaid records, adding new peril for immigrants
  • Microsoft can’t protect French data from US government access
  • Texas Enacts Electronic Health Record Data Localization Law
  • Upstate NY county clerk again refuses to enforce Texas abortion judgment
  • Attorney General James Leads Coalition Urging Congress to Protect Americans from Masked ICE Agents
  • Attorney General Tong Announces $85,000 Settlement with TicketNetwork for Violations of the Connecticut Data Privacy Act​

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.