Texas Tech University Health Sciences Center Ransomware Attack Impacts 1.5 Million Patients

Texas Tech University Health Sciences Center (TTUHSC), an academic health institution and medical school, has confirmed a ransomware attack in September 2024 led to the exfiltration of sensitive patient data from systems shared by TTUHSC, its El Paso center, Texas Tech Physicians, and UMC Health System.  

Two breach reports submitted to the Department of Health and Human Services’ Office for Civil Rights revealed that 1,465,000 patients were impacted: 650,000 from TTUHSC and 815,000 from its El Paso location.  

UMC Health had previously reported the breach, initially affecting 501 individuals, HIPAA Journal reports.

The attack, occurring between September 17 and 29, 2024, disrupted systems and was attributed to unauthorized access. The Interlock ransomware group claimed responsibility, leaking 2.6 TB of data containing 2.1 million files after the ransom was not paid.  

Compromised information includes names, Social Security numbers, medical records, diagnoses, billing data, and financial details.

TTUHSC has completed its review and begun notifying affected individuals, offering complimentary credit monitoring services. Individuals are urged to monitor their financial and health accounts for misuse.  

In response, TTUHSC has enhanced its cybersecurity measures to prevent future incidents. This breach follows a similar 2022 attack involving Eye Care Leaders, which impacted over 1.29 million patients.

Takeaway: The ransomware attack impacting Texas Tech University Health Sciences Center (TTUHSC), its El Paso center, Texas Tech Physicians, and UMC Health System underscores the complexity organizations face when navigating breach notifications while protecting both their legal interests and public trust.

Determining the extent of a breach—like the one involving TTUHSC—requires significant time, particularly in sectors like healthcare, where sensitive patient data is at risk.  

Digital Forensics and Incident Response (DFIR) investigations often take weeks or months to complete.  

Sophisticated attackers use tactics to evade detection and obscure their tracks, forcing organizations to comb through vast logs, reconstruct attack pathways, and identify data accessed or exfiltrated.

This prolonged investigative process often exceeds regulatory reporting timelines, such as those imposed by HIPAA for breaches involving protected health information (PHI).  

While organizations are legally obligated to report breaches promptly, they must balance transparency with ensuring accurate details are disclosed. Missteps could carry legal ramifications, complicating relationships with regulators, patients, and stakeholders.

‍

Halcyon.ai eliminates the business impact of ransomware. Modern enterprises rely on Halcyon to prevent ransomware attacks, eradicating cybercriminals’ ability to encrypt systems, steal data, and extort companies – talk to a Halcyon expert today to find out more and check out the Halcyon Attacks Lookout resource site. Halcyon also publishes a quarterly RaaS and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile.