Texas Centers for Infectious Disease Associates (TCIDA) has now issued a press release and sent notification letters to patients affected by an attack they first discovered last July.
According to their notice, on July 19, 2024, they learned of unusual activity in their network. Their investigation determined that an unauthorized individual may have accessed or acquired certain files and data stored within their systems as a result of an incident experienced by their former third-party billing vendor. Their notice does not name the former billing vendor. Nor is it clear whether the vendor was already a “former vendor” at the time of the incident, or if they only became a former vendor after the incident. The notice does not provide any information on how the vendor’s incident occurred.
The types of patient information involved included names, Social Security number, date of birth, driver’s license number, medical record number, Medicare/Medicaid number, health insurance number, and/or medical or treatment information.
The number of patients affected was not disclosed by TCIDA in its press release. If TCIDA has submitted a report to HHS, it has not shown up yet on HHS’s public breach tool, and if the unnamed vendor submitted it, we may not recognize it as being for the TCIDA incident.
Although TCIDA became aware of the problem on July 19, it was BianLian threat actors who first publicly revealed the incident on August 14, when they added a listing for TCIDA on their darkweb leak site. At the time, their listing claimed that they had acquired 300 GB of 300 GB of “accounting data, medical and personal data, network users personal folders, files from President PC, and fileserver data.” They provided no proof of claims and DataBreaches can find no statement from TCIDA either confirming or denying BianLian’s claims.
DataBreaches never spotted any update or leak of data from TCIDA on BianLian’s leak site, and is uncertain whether BianLian ever leaked or sold the data or not. The leak site abruptly went offline recently with no indication as to whether the group has re-branded, closed, or merged with some other group. How many hands TCIDA data might be in by this time, if any, is also unknown.
Because TCIDA’s notification makes no mention of BianLian, any extortion demand, or whether they paid any demand. DataBreaches submitted a contact form inquiry to TCIDA asking about that and whether any data had been leaked.
No reply was immediately available, but this post will be updated if a reply is received or more information becomes available.
TCIDA has mailed letters to those affected for whom it has addresses. It also established a toll-free call center to answer questions about the incident and address related concerns. Call center representatives are available Monday through Friday from 9:00 am to 9:00 pm Central Time and can be reached at (855) 202-9059.