Texas Health Resources is notifying fewer than 4,000 patients about an email incident last year. They were reportedly asked to delay notification for law enforcement purposes, and were told that this was part of a larger incident affecting multiple entities across the country. Now what larger incident would that be?
Texas Health Resources is committed to protecting the security and confidentiality of our patients’ information. Regrettably, this notice is about an incident involving some of that information.
On January 17, 2018, law enforcement advised us that an unauthorized third party may have gained access to some Texas Health email accounts in October 2017. Law enforcement indicated this was part of a larger incident affecting multiple entities across the country and did not just affect Texas Health entities and patients. They asked that we refrain from contacting our patients, so as not to impede the law enforcement investigation.
We respected law enforcement’s request and began our own internal investigation, including hiring a leading forensic firm to assist us.
The investigation determined that some patients’ information may have been in the affected email accounts, and may have included patients’ names, medical record numbers, dates of birth, addresses, insurance information, clinical information, and in some instances Social Security numbers and driver’s license and state identification numbers. Law enforcement has now indicated we could notify our patients regarding this incident.
This incident affected certain Texas Health patients that received care and treatment primarily in 2017. It did not affect all Texas Health patients.
We have no indication that any information has been misused in any way. However, in an abundance of caution, we mailed letters to affected patients on April 13, 2018, and established a dedicated call center to answer any questions they may have. For those patients whose Social Security numbers were included, we are offering one year of free credit monitoring. We recommend affected patients review any statements they receive from their health insurer. If patients see charges for services they did not receive, please contact the insurer immediately. If you believe you are affected and have not received a letter by May 1, 2018, please call 855-331-3705, Monday through Friday, between 8 a.m. and 8 p.m. Central Time.
We deeply regret any inconvenience or concern this may cause our patients. To help prevent something like this from happening in the future, Texas Health is continuously working to implement safeguards and enhance information security monitoring.