DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

TX: Unable to determine what was accessed in cyberattack, McAllen Surgical Specialty Center, Ltd. is notifying patients as well as employees

Posted on October 23, 2021 by Dissent

MCALLEN, Texas, Oct. 22, 2021 /PRNewswire/ — McAllen Surgical Specialty Center, Ltd. (“McAllen Surgical”) is providing notice of an incident that could affect the privacy of information of certain employees and patients for whom it provided medical care. While McAllen Surgical is unaware of any actual or attempted misuse of this information, McAllen Surgical takes this incident very seriously and are providing information about the incident, their response to it, and resources available to individuals to help protect their information, should they feel it appropriate to do so.

What Happened? On May 14, 2021, McAllen Surgical discovered encrypted files on one of its servers. McAllen Surgical immediately launched an investigation, with the assistance of third-party forensic specialists, to determine the nature and scope of the activity. McAllen Surgical’s investigation determined that an unauthorized actor gained access to certain computers and servers between May 12, 2021 and May 14, 2021. McAllen Surgical then worked diligently to identify which computers were impacted, what information was stored on those computers, and to whom the information on those computers relates.  On July 22, 2021, as part of the investigation, McAllen Surgical determined it was unable to rule out whether any computers or servers housing patient information were accessed. Therefore, although McAllen Surgical has no indication that any patient information was actually viewed or taken, they are providing notice in an abundance of caution because sensitive information was present on the network at the time of the unauthorized access.

What Information Was Involved? McAllen Surgical conducted a thorough review of the relevant systems to identify the types of information stored there and to whom it related.  McAllen Surgical’s review determined that sensitive information was present in the affected systems and it is possible that this information could have been accessed or acquired by an unauthorized actor.  While the specific data elements vary for each potentially affected individual, the scope of information potentially involved includes: name; address; Social Security number; health insurance information; date of service; provider name; medical record number; and patient number.

How Will Individuals Know If They Are Affected By This Incident? McAllen Surgical is mailing notice letters to the individuals identified as impacted. If an individual did not receive a letter but would like to know if they are affected, they may call McAllen Surgical’s dedicated assistance line, detailed below.

What McAllen Surgical is Doing. McAllen Surgical takes the confidentiality, privacy, and security of information in its care seriously. Upon discovery, McAllen Surgical immediately commenced an investigation to confirm the nature and scope of the incident. In response to this incident, McAllen Surgical is reviewing and enhancing existing policies and procedures.

Whom Should Individuals Contact For More Information? If individuals have questions or would like additional information, they may call McAllen Surgical’s dedicated assistance line, 866-581-1076 between the hours of 8:00 a.m. and 10:00 p.m., Central Time, Monday through Friday.

For more information on what you can do if you think you were impacted by this incident, read the full press release on PRNewswire.

SOURCE McAllen Surgical Specialty Center, Ltd.

Category: Breach IncidentsHealth DataMalware

Post navigation

← CT: Wiggin and Dana law firm discloses ransomware attack
UT: EMI Health alerting plan members to breach — notices will follow at a later date →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • CoinMarketCap Hacked, Scrambles to Remove Malicious Wallet Verification Popup
  • Montana Attorney General launches investigation into Lee Enterprises data breach
  • AT&T gets preliminary approval for $177 million data breach settlement
  • Aflac notifies SEC of breach suspected to be work of Scattered Spider
  • Former JBLM soldier pleads guilty to attempting to share military secrets with China
  • No, the 16 billion credentials leak is not a new data breach — a wake-up call about fake news (Updated)
  • Tonga’s health system hit by cyberattack (1)
  • Russia Expert Falls Prey to Elite Hackers Disguised as US Officials
  • Proposed class action settlement in In re Netgain Technology litigation
  • Qilin Offers “Call a lawyer” Button For Affiliates Attempting To Extort Ransoms From Victims Who Won’t Pay

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill
  • Officials defend Liberal bill that would force hospitals, banks, hotels to hand over data
  • US Judge Invalidates Biden Rule Protecting Privacy for Abortions
  • DOJ’s Data Security Program: Key Compliance Considerations for Impacted Entities
  • 23andMe fined £2.31 million for failing to protect UK users’ genetic data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.