There’s an update to an insider data breach previously announced in January 2025. Yesterday’s announcement brings the new total affected to almost 95,000 people.
April 30, 2025. AUSTIN – The Texas Health and Human Services Commission is notifying an additional 33,529 recipients of agency services and other affected individuals that their protected health, personal identifying or sensitive personal information may have been inappropriately accessed, used or disclosed.
As a result of an internal review, HHSC identified additional individuals impacted by the privacy breach previously announced on Jan. 17, 2025. HHSC terminated the employees involved and referred the incident to the Texas Health and Human Services Office of Inspector General (OIG) for investigation and coordination with prosecutor offices to pursue criminal charges.
HHSC recommends that affected individuals carefully review their accounts and health care provider, insurance company and financial institution statements to make sure their account activity is correct. Report any questionable charges promptly to the provider or company and contact law enforcement.
HHSC advises Supplemental Nutrition Assistance Program (SNAP) recipients to check their Lone Star Card transactions for potential fraudulent activity at YourTexasBenefits.com or through the Your Texas Benefits mobile app. Recipients who believe they may have been a victim of SNAP fraud should call 2-1-1, select a language, and choose option 3 to report the fraud to the OIG. They should also contact law enforcement to report the fraud and visit a local HHSC benefits office to have their benefits replaced.
The data that may have been inappropriately accessed, used or disclosed were not the same for everyone. HHSC has determined full names, home addresses, telephone numbers, dates of birth, email addresses, Social Security numbers, Medicaid and Medicare identification numbers, financial, employment, banking, benefits, health, insurance, medical, certificate, license and other personal information may have been inappropriately accessed between June 2021 and January 2025. Affected individuals can read the Privacy Breach Substitute Notice and FAQ (PDF).
HHSC is offering two years of free credit monitoring and identity theft protection services to those affected by the breach. Individuals affected by the breach will be notified via first-class mail no later than April 30. They can also call 866-362-1773, toll-free, Monday through Friday from 8 a.m. to 8 p.m. Central time (excluding major U.S. holidays). When calling, use the engagement number B139792.
After receiving notification on Nov. 21, 2024, HHSC confirmed the privacy incident on Dec. 5, 2024. Through further review, the agency connected the incident to employee misconduct first identified on July 9, 2024.
To date, HHSC has terminated nine employees and identified at least 94,000 individuals who may have been impacted by the privacy breach.
HHSC is strengthening internal security controls and working to implement additional fraud prevention measures, including enhanced monitoring and alerts to detect suspicious activity. HHSC understands the impact this privacy breach may have, and is committed to protecting the confidential information of those we serve.