The Texas Tech University Health Sciences Centre (TTUHSC) and its El Paso campus have confirmed that a cyberattack in September 2024 resulted in unauthorised access to sensitive data. According to BleepingComputer, the attack, which caused operational disruptions across the HSCs’ systems, may have impacted nearly 1.4 million individuals.
The attack occurred between 17 September and 29 September 2024, during which files and folders containing sensitive data were accessed and removed from TTUHSC’s network. Information potentially compromised in the breach includes names, dates of birth, addresses, Social Security numbers, driver’s licence numbers, financial account information, and other government-issued identification details. Additionally, health-related records, such as medical record numbers, billing and claims data, and diagnosis or treatment information, may have been exposed.
The breach was discovered in mid-September when TTUHSC identified disruptions within its systems and immediately implemented measures to secure its network. Following the discovery, an internal investigation was launched, and the organisation reported the incident to the US Department of Health and Human Services Office for Civil Rights, as required by federal law.
On 27 October 2024, the Interlock ransomware group claimed responsibility for the attack. The group alleged that 2.1 million files, totalling 2.6 terabytes of data, had been exfiltrated. Interlock published the data on its dark web extortion portal, where it is reportedly available for download.
In response to the incident, TTUHSC is directly notifying individuals whose information may have been compromised and offering complimentary credit monitoring services to help mitigate potential risks. Impacted individuals are being encouraged to monitor their credit reports, financial statements, and healthcare billing records for any suspicious activity. To assist further, TTUHSC has established a toll-free assistance line where affected individuals can seek additional information and support.
“Individuals whose information may be affected by this incident are encouraged to remain vigilant against identity theft and fraud, review account statements and monitor their credit reports, as well as health care and health insurance billing statements, for suspicious activity or errors,” reads a notice on the TTUHSC website.
The organisation said that it has also begun a comprehensive review of its security protocols and is implementing enhanced safeguards to strengthen monitoring and prevent similar incidents in the future.
Under US law, individuals affected by the breach are entitled to one free credit report annually from each of the three major credit reporting agencies, namely Equifax, Experian, and TransUnion. Individuals may also place fraud alerts or credit freezes on their credit files as precautionary measures to limit unauthorised financial activity.
TTUHSC, part of the Texas Tech University System, provides medical education, research, and patient care across Texas, managing large volumes of personal and health-related data. The organisation stated that it continues to work with cybersecurity specialists and regulators as its investigation progresses.
Healthcare institutions remain prime targets for cyberattacks
The TTUHSC incident highlights the persistent cybersecurity challenges faced by healthcare institutions, which remain prime targets for attacks due to the sensitive nature of the data they handle.
In February 2024, Change Healthcare, a subsidiary of UnitedHealth Group, experienced a ransomware attack that disrupted electronic payments and medical claims processing across the US. Sensitive data from over 100 million individuals, including health insurance details, medical records, billing information, and personal identification numbers, was compromised. The hacker group ALPHV, or BlackCat, claimed responsibility, with reports suggesting a ransom payment of around $22m.
In May 2024, MediSecure, an Australian healthcare provider specialising in electronic prescriptions, suffered a data breach through a third-party service. The breach potentially exposed personal and health information, leading to intervention by federal agencies, including the Australian Federal Police and the Australian Cyber Security Centre.
In June 2024, a ransomware attack reportedly linked to the Russian cyber gang Qilin targeted Synnovis, a pathology services provider for multiple National Health Service (NHS) hospitals in London. The attack caused widespread cancellations of operations and appointments, severely affecting critical services like blood transfusions.
Read more: Concern on both sides of the Atlantic increases following cyberattacks on hospitals
