DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

TX: Emergence Health Network notifies 11,100 mental health patients of possible PHI breach

Posted on October 26, 2015 by Dissent

First, their press release:

(El Paso, Texas October 16, 2015) Emergence Health Network (EHN) is in the process of contacting individuals regarding an unauthorized disclosure of protected health information.

An EHN computer server was compromised in August through an unauthorized internet connection. The affected computer server was disabled to minimize a compromise.

It is not apparent that any medical information was disclosed based upon a third-party audit of the computer server and EHN does not have any proof that information such as social security number, date of birth, home address, was accessed or otherwise misused. However, in an abundance of caution EHN will notify, via written notification, the affected individuals; if they choose, can take necessary precautions regarding protection of their personal information such as contacting the credit agencies.

EHN has also already taken appropriate steps to avoid the threat of future data security compromises and is cooperating with officials in minimizing the potential effects of this incident.

To answer any questions or address any concerns, those individuals who receive the notification letter are encouraged to contact EHN at the following toll-free number or email address.

Toll Free phone number: 844-637-6466
Email: [email protected]

That doesn’t sound too bad, right? Except it turns out that the breach may have begun in 2012. From their notification letter of October 8:

We are sending you this letter to let you know that your protected health information may have been shared or seen without approval from you or Emergence Health Network (EHN). EHN is the local mental health authority for El Paso County and has previously been known as El Paso MHMR and Life Management Center. This letter is to let you know EHN is taking steps to correct the situation that caused your information to be exposed and to protect your information in the future.

What happened: EHN maintains personal information about you on several electronic computer servers which are connected to the internet. EHN is required to keep this information on computer servers in order to provide services to you. EHN became aware of strange activity on one of our computer servers on August 18, 2015. Someone, without permission from EHN, accessed the computer server through an internet connection. Because of the internet, the person or persons could have accessed this computer server from any location. A computer specialist inspected the computer server and found out that the first unapproved access of the server may have happened back in 2012. The information which was kept on the server included your first and last name, address, date of birth, social security number, case number, and information indicating that you accessed services from Life Management Center/ El Paso MHMR/Emergence Health Network. We are confident that no medical records were contained within the server.

What EHN is doing: EHN quickly disconnected the computer server from the internet when the suspicious activity was discovered. EHN is taking steps to keep this from happening again by using more secure methods for transmitting, maintaining, and safeguarding your protected health information. EHN is cooperating with state and federal agencies to report this breach.

The letter does not indicate how far back their stored patient data goes and whether it includes inactive patients, although it seems likely from the situation described.

The incident was reported to HHS on October 16th as impacting 11,100 patients.

No related posts.

Category: Government SectorHackHealth DataOf Note

Post navigation

← UK: Experian rules out GOV.UK Verify changes after T-mobile data breach
Hacking cars in the style of Stuxnet →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Kentfield Hospital victim of cyberattack by World Leaks, patient data involved
  • India’s Max Financial says hacker accessed customer data from its insurance unit
  • Brazil’s central bank service provider hacked, $140M stolen
  • Iranian and Pro-Regime Cyberattacks Against Americans (2011-Present)
  • Nigerian National Pleads Guilty to International Fraud Scheme that Defrauded Elderly U.S. Victims
  • Nova Scotia Power Data Breach Exposed Information of 280,000 Customers
  • No need to hack when it’s leaking: Brandt Kettwick Defense edition
  • SK Telecom to be fined for late data breach report, ordered to waive cancellation fees, criminal investigation into them launched
  • Louis Vuitton Korea suffers cyberattack as customer data leaked
  • Hunters International to provide free decryptors for all victims as they shut down (2)

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • German court awards Facebook user €5,000 for data protection violations
  • Record-Breaking $1.55M CCPA Settlement Against Health Information Website Publisher
  • Ninth Circuit Reviews Website Tracking Class Actions and the Reach of California’s Privacy Law
  • US healthcare offshoring: Navigating patient data privacy laws and regulations
  • Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones
  • Google Trackers: What You Can Actually Escape And What You Can’t
  • Oregon Amends Its Comprehensive Privacy Statute

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.