UT Southwestern Breach Exposes Personal Info of 40,668 Texans

UT Southwestern Medical Center in Dallas, Texas, recently disclosed a data breach that affected the personal information of 43,048 individuals across the United States. This breach was reported to the Texas Attorney General's office on December 10, 2024, and to the U.S. Department of Health and Human Services on December 9, 2024.

Of the total affected, 40,668 individuals were residents of Texas.

The breach exposed a wide range of sensitive consumer information.

While the exact method of the breach has not been disclosed, the compromised data includes:

• Name of individual
• Address
• Social Security Number (SSN) information
• Driver’s license or government-issued ID number (e.g., passport, state ID card)
• Financial information (e.g., account numbers, credit or debit card numbers)
• Medical information
• Health insurance information
• Date of birth

The inclusion of medical and financial data, coupled with SSNs and government-issued IDs, makes this breach particularly severe. Such information can be used for identity theft, financial fraud, and unauthorized access to medical records.

More details about the breach are available on the Texas Attorney General's website and the U.S. Department of Health and Human Services' breach portal.

UT Southwestern Medical Center's response

UT Southwestern Medical Center has acknowledged the breach and taken steps to address it. While specific details of their response have not been disclosed, organizations in similar situations typically work to secure their systems, notify affected individuals, and collaborate with law enforcement and cybersecurity experts to investigate the incident.

The disclosure of the breach to regulatory bodies, including the Texas Attorney General and the U.S. Department of Health and Human Services, demonstrates compliance with legal obligations to report incidents involving sensitive consumer information.

Affected by the data breach?

If you believe you may have been affected by this breach, it is essential to take immediate action to protect yourself from potential identity theft and fraud. Here are some recommended steps:

1. Monitor your financial accounts and credit reports: Regularly check your bank accounts, credit card statements, and credit reports for any unauthorized transactions or suspicious activity. You can request free credit reports from the three major credit bureaus (Equifax, Experian, and TransUnion) at AnnualCreditReport.com.
2. Place a fraud alert or credit freeze: Consider placing a fraud alert on your credit file to make it harder for identity thieves to open accounts in your name. Alternatively, you can place a credit freeze to prevent any new credit accounts from being opened without your authorization.
3. Change passwords and secure accounts: If any of your online accounts share passwords with the breached information, update them immediately. Use strong, unique passwords for each account and enable multi-factor authentication (MFA) whenever possible.
4. Watch for phishing attempts: Be cautious of unsolicited emails, phone calls, or text messages that request personal information. Scammers may use stolen data to impersonate trusted entities.
5. Contact your health insurer and medical providers: Notify your health insurance company and healthcare providers about the breach. They can monitor for any unauthorized use of your medical information.
6. Consider identity theft protection services: Some individuals affected by breaches choose to enroll in identity theft protection or credit monitoring services for added security.

For additional guidance, refer to the resources provided by the Federal Trade Commission (FTC) on recovering from identity theft.