Overview of the Incident

A cybersecurity breach has disrupted operations at Texas Tech University Health Sciences Center (TTUHSC) and TTUHSC El Paso. The incident has potentially exposed sensitive data for approximately 1.4 million patients, prompting a broad investigation into the attack's scope and consequences.

Incident Timeline and Initial Findings

The breach, discovered in September 2024, caused disruptions to computer systems and applications critical to patient care and institutional operations. Investigators determined that the breach occurred between September 17 and September 29, 2024, during which unauthorized access to certain files and systems occurred.

According to the TTU HSC Site, preliminary assessments suggest that the attackers may have obtained files containing sensitive patient information. The types of data potentially compromised include:

  • Medical information
  • Diagnosis and treatment information
  • Full name
  • Date of birth
  • Physical address
  • Social Security number
  • Driver's license number
  • Government ID number
  • Financial account information
  • Health insurance information
  • Billing/claims data

Interlock Ransomware Claims Responsibility

On October 27, 2024, nearly a month after TTUHSC reportedly blocked the attackers' access, the Interlock ransomware group claimed responsibility for the cyberattack. The group alleged that they had stolen 2.1 million files totaling 2.6 TB of data, which they leaked on their extortion portal on the dark web.

Interlock is a relatively new ransomware operation known for its advanced tactics, including using encryptors that target multiple operating systems. The group’s ransom demands typically range from hundreds of thousands to millions of dollars, depending on the organization's size and resources.

TTUHSC's Immediate Response

Upon detection of the breach, TTUHSC and its El Paso counterpart acted swiftly to contain the incident. The institutions secured their networks, launched a formal investigation, and enlisted the assistance of external cybersecurity experts to identify vulnerabilities and determine the extent of the attack. Law enforcement agencies have also been engaged to aid in tracking the source of the breach.

In compliance with regulatory requirements, TTUHSC has reported the incident to the U.S. Department of Health and Human Services Office for Civil Rights. The investigation remains ongoing as officials work to address the incident and minimize its impact on affected individuals.

Steps Taken to Assist Affected Patients

To support those whose information may have been compromised, TTUHSC will notify affected patients directly and provide resources to help mitigate potential risks. These include:

  1. Offering free credit monitoring services to affected individuals.
  2. Providing clear instructions on safeguarding personal and financial information.
  3. Encouraging vigilance regarding suspicious activity, such as unauthorized financial transactions or health insurance claims.

Patients are advised to:

  • Regularly monitor bank accounts and credit reports.
  • Verify health insurance statements for anomalies.
  • Avoid responding to unsolicited emails or phone calls requesting sensitive information.

Lessons for Healthcare Institutions

This incident underscores the challenges healthcare organizations face in protecting sensitive data amidst rising cyber threats. Healthcare institutions house vast amounts of valuable personal and medical information, making them frequent targets for cyberattacks.

Moving Forward

TTUHSC and TTUHSC El Paso are committed to safeguarding patient data and ensuring transparency throughout this investigation. Officials have pledged to learn from this incident and bolster cybersecurity measures to prevent similar breaches in the future.

The link has been copied!