TTUHSC Data Breach Affects 1.46 Million Individuals

Texas Tech University Health Sciences Center (TTUHSC), recently disclosed a significant data breach that has affected approximately 1,465,000 individuals. The breach involved the unauthorized access and potential theft of sensitive personally identifiable and health information (PII & PHI).

The compromised data includes a wide array of sensitive details:

• Name
• Date of birth
• Address
• Social Security number
• Driver’s license number
• Government-issued identification number
• Financial account information
• Health insurance information
• Medical information, including medical record numbers, billing/claims data, and diagnosis and treatment information

The breach is particularly severe due to the nature of the information exposed. Medical and financial data, combined with personally identifiable information, can be exploited for identity theft, financial fraud, and even medical identity theft.

TTUHSC disclosed the breach on a dedicated webpage and to the U.S. Department of Health and Human Services Office for Civil Rights' website.

On October 27, 2024, the ransomware group, INTERLOCK Ransomware, claimed credit for the breach by posting sample data on the dark web to prove its authenticity.

The exposure of such a comprehensive dataset highlights the critical importance of robust cybersecurity measures in protecting sensitive consumer information.

Texas Tech University Health Sciences Center's response

In response to the breach, TTUHSC has taken steps to investigate the incident, secure its systems, and notify affected individuals.

While the full scope of their response has not been detailed, organizations in similar situations typically work with cybersecurity experts to identify vulnerabilities, enhance system security, and mitigate further risks.

TTUHSC will also need to comply with legal obligations to report the breach to relevant authorities, including the Texas Attorney General's office.

Affected individuals are likely being contacted directly with further instructions and resources to help protect their information.

Are you affected by the data breach?

If you believe you may have been impacted by this data breach, it is crucial to take immediate steps to protect your personal and financial information.

Here are some recommendations:

1. Monitor your financial accounts and credit reports: Regularly check your bank accounts, credit card statements, and credit reports for any unauthorized transactions or suspicious activity. You can obtain free credit reports annually from AnnualCreditReport.com.
2. Place a fraud alert or credit freeze: Contact one of the three major credit bureaus (Equifax, Experian, or TransUnion) to place a fraud alert or freeze on your credit. A fraud alert notifies lenders to take extra steps to verify your identity before extending credit, while a credit freeze prevents new credit accounts from being opened in your name.
3. Be vigilant about phishing attempts: Scammers may use the stolen information to craft convincing phishing emails or phone calls. Avoid clicking on links or providing personal information to unsolicited requests.
4. Review your health insurance and medical records: Check for any unauthorized use of your health insurance or medical identity. This includes reviewing Explanation of Benefits (EOB) statements and contacting your healthcare provider if you notice discrepancies.
5. Consider identity theft protection services: If offered by TTUHSC, take advantage of any free credit monitoring or identity theft protection services. If not, consider enrolling in a reputable service on your own.