In September 2024, Texas Tech University Health Sciences Center (TTUHSC) and its El Paso counterpart suffered a cyberattack that compromised sensitive data of over 1.4 million patients. The breach was discovered after a disruption to the institutions’ computer systems and applications between September 17 and 29. Upon identifying the issues, the organization acted swiftly to secure its network and launched an investigation, which confirmed that unauthorized access had occurred during the specified period.
The stolen data includes a range of personal and medical information, such as full names, dates of birth, physical addresses, Social Security numbers, driver’s license numbers, financial account information, health insurance details, medical records, and billing data. Texas Tech University Health Sciences Center has notified those affected and is offering free credit monitoring services to individuals whose data was exposed. The institution is also advising impacted individuals to monitor their credit reports and health insurance billing statements for any signs of misuse.
The cyberattack was attributed to the Interlock ransomware group, which claimed responsibility for the breach in late October. Following the attack, Interlock released 2.1 million files, totaling 2.6 TB of stolen data, on their extortion portal on the dark web. The group demanded a significant ransom, reportedly ranging from hundreds of thousands to millions of dollars, depending on the size of the organization targeted.
In response to the breach, TTUHSC has implemented additional security measures to prevent future incidents. The organization is working diligently to restore normal operations while prioritizing the security of patient data. As the investigation continues, TTUHSC is urging all impacted individuals to remain vigilant for potential phishing attempts and social engineering attacks, while working closely with authorities to address the situation.
Reference:
