Texas Health Resources

Texas Health Resources notified fewer than 4,000 patients about an email incident last year.

An unauthorized third party may have gained access to some Texas Health email accounts.

Law enforcement indicated this was part of a larger incident affecting multiple entities across the country and did not just affect Texas Health entities and patients.

Some patients’ information may have been in the affected email accounts.

It may have included patients’ names, medical record numbers, dates of birth, addresses, insurance information, clinical information, and in some instances Social Security numbers and driver’s license and state identification numbers.

Source: https://www.databreaches.net/texas-health-resources-notifying-patients-about-incident-in-2017-that-affected-multiple-entities/

TPRM report: https://scoringcyber.rankiteo.com/company/texas-health-resources

"id": "tex203427622",
"linkid": "texas-health-resources",
"type": "Breach",
"date": "04/2018",
"severity": "60",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': 'Fewer than 4,000 patients',
                        'industry': 'Healthcare',
                        'name': 'Texas Health Resources',
                        'type': 'Healthcare Provider'}],
 'attack_vector': 'Email Account Compromise',
 'data_breach': {'number_of_records_exposed': 'Fewer than 4,000',
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Patients’ names',
                                              'Medical record numbers',
                                              'Dates of birth',
                                              'Addresses',
                                              'Insurance information',
                                              'Clinical information',
                                              'Social Security numbers',
                                              'Driver’s license and state '
                                              'identification numbers']},
 'description': 'Texas Health Resources notified fewer than 4,000 patients '
                'about an email incident last year. An unauthorized third '
                'party may have gained access to some Texas Health email '
                'accounts. Law enforcement indicated this was part of a larger '
                'incident affecting multiple entities across the country and '
                'did not just affect Texas Health entities and patients. Some '
                'patients’ information may have been in the affected email '
                'accounts. It may have included patients’ names, medical '
                'record numbers, dates of birth, addresses, insurance '
                'information, clinical information, and in some instances '
                'Social Security numbers and driver’s license and state '
                'identification numbers.',
 'impact': {'data_compromised': ['Patients’ names',
                                 'Medical record numbers',
                                 'Dates of birth',
                                 'Addresses',
                                 'Insurance information',
                                 'Clinical information',
                                 'Social Security numbers',
                                 'Driver’s license and state identification '
                                 'numbers']},
 'initial_access_broker': {'entry_point': 'Email Account Compromise'},
 'response': {'law_enforcement_notified': True},
 'threat_actor': 'Unauthorized third party',
 'title': 'Email Incident at Texas Health Resources',
 'type': 'Email Breach'}