Texas healthcare provider suffers breach impacting 640,000 individuals

Hendrick Health System, a nonprofit healthcare provider in Abilene, Texas, reported a data breach on January 15 affecting 640,436 individuals, according to the Office for Civil Rights (OCR) breach report.

In a security notice posted on its website, Hendrick Health said on November 20 it identified a network security threat that affected patient information and disrupted the operations of its IT systems. The organization immediately began working to secure the systems, launch an investigation, and notify law enforcement. The investigation determined that that an unauthorized party may have accessed patient information between October 10 and November 9. The accessed information may have included the following:

• Demographic and other limited information about patient care at Hendrick Health
• Names
• Social Security numbers

Hendrick Health’s electronic health record was not impacted by the breach, according to the security notice.

The organization began mailing letters to patients on January 15. In addition, Hendrick Health created a call center to answer patient questions.

In the initial security notice posted on the Hendrick Health website in November, the organization indicated that its inpatient services would continue uninterrupted in the wake of the breach, but certain outpatients services, such as therapies or doctors’ visits, may have needed to be rescheduled.

The breach is the largest reported thus far in 2021. On January 8, Roper St. Francis Healthcare in Charleston, S.C., reported a breach affecting 189,761 individuals, making it the second largest breach of the new year.