Certified Community Behavioral Health Clinic, Texas Panhandle Centers (TPC) based in Amarillo, TX uncovered unauthorized access to its computer network and the compromise of 16,394 patients’ personal data and protected health information (PHI).
TPC, which was founded in 1966, serves individuals with intellectual and developmental disabilities, behavioral health problems (mental health conditions and substance use), and kids aged 0 to 3 with developmental delays. Every year, TPC delivers healthcare services to more than 10,000 individuals and their families located in 21 counties where Texas Panhandle has service centers including Amarillo, Clarendon, Borger, Dumas, Hereford, Perryton, and Pampa.
The substitute breach notice did not mention when the incident was noticed. It just mentioned that it happened on or about October 17, 2023. Upon discovering the unauthorized activity, TPC promptly secured its system and started an investigation.
Cybersecurity experts helped in the investigation to find out what personal data, if any, was exposed. The forensic investigation confirmed potential access and theft of patient data files by an unauthorized individual on or about April 19, 2024.
The analysis of those records showed they included PHI such as patient names, birth dates, medical record numbers, driver’s license numbers, state ID numbers, diagnosis/condition data, laboratory test results, prescription drugs, healthcare claims data, and clinical/treatment data. The Social Security numbers of a subgroup of those people were also exposed.
Although patient information was exposed, Texas Panhandle Centers reported it did not receive any report of patient data misuse. As a safety precaution and to comply with HIPAA laws, TPC sent personal notifications to the impacted people on May 9, 2024, and those whose Social Security numbers were exposed received free identity theft and credit monitoring services via Experian IdentityWorksSM.
Photo Credit: tippapatt, adobestock / TPC
