Data Incident Notice
News Release
Texas, May 17, 2023 – The following facilities are providing notice of an incident through which patients’ protected health information (“PHI”) may have been accessed: Doctors Hospital of Laredo, Fort Duncan Regional Medical Center, Northwest Texas Healthcare System, South Texas Health System – Edinburg, and Texoma Medical Center (collectively, the “Facilities”). Letters were mailed to potentially affected patients on May 17, 2023.
What Happened
On January 18, 2023, a business associate of the Facilities became aware of suspicious email activity in an authorized user’s email account and determined that, on or about January 9, 2023, this user’s email account had been accessed without authorization as a result of a phishing incident. “Phishing” means that the user was tricked into sharing login information which enabled an unauthorized person to access the email account. The business associate immediately reset the account credentials and launched an investigation into the nature and scope of the incident. The investigation found that the user’s email account was only accessed through a web browser, and while certain emails may have been accessed by the unauthorized person, there is currently no evidence that suggests any PHI in the emails were the target of the attack or otherwise copied or misused in any way. Nevertheless, an extensive effort was made to match patient information in the emails with available mailing addresses, and the Facilities are providing notice of the incident to impacted patients in an abundance of caution and so they can take steps to protect their information if they find it appropriate to do so.
What Information Was Involved
The potentially impacted emails contained the patient’s full name, patient account and/or medical record number, admission and/or discharge date, status of diagnosis and/or discharge, and in some instances, associated billing amounts. Please note the emails did not contain Social Security numbers, credit card numbers or other financial information, and generally did not include any email, phone number, or mailing address.
What We are Doing
The Facilities began mailing notification letters on May 17, 2023. In addition, email security measures are being reviewed and enhanced in light of the incident, as well as additional training and security reminders for relevant staff. While the Facilities are unaware of any actual or attempted misuse of PHI, they are offering impacted patients 12 months of identity surveillance and restoration services at no charge.
More Information
The Facilities are committed to providing quality care, including protecting PHI. Individuals with additional questions, may call the dedicated assistance line at 800-984-9630 (toll-free), Monday – Friday, 9:00 a.m. to 11:00 p.m. Eastern Time, and Saturday – Sunday, 11:00 a.m. to 8:00 p.m. Eastern Time, excluding holidays. This line will remain open until August 31, 2023.
If you did not receive a letter, but would like to know if you were affected, please contact the dedicated assistance line.
