In August, Texoma Community Center in Texas (TCC) notified HHS that 24,030 patients had been impacted by breach involving a hack of email. TCC provides mental health, behavioral health, and intellectual and developmental disability services to adults and minors in the Sherman, Texas area.
Today, they issued a press release concerning what they describe as a “recent event.” “Recent?” It occurred almost one year ago.
In any event, TCC notes that on October 20, 2020, they became aware of suspicious activity related to employee email accounts. Investigation revealed that their had been unauthorized access between September 24, 2020 and December 1, 2020 to several email accounts. Because they could not figure out which emails had been accessed, they reviewed all of them.
Their investigation revealed that some patients had ePHI in the emails that may have included for different patients:
name, date of birth, medical history, treatment or diagnosis, health information, health insurance information including policy and/or subscriber information, insurance application and/or claims information, birth certificate, marriage certificate, digital signature, facial photograph, email address and password, unique biometric data, vehicle identification number, username and password, military identification number, and for a smaller number of individuals may include social security number, driver’s license number, financial account information, and credit or debit card number.
So what is TCC doing for the patients? Not much of anything other than offering the usual advice. They say they are strengthening their security and training employees, but they have offered patients no complimentary mitigation services at all, it seems.