Data breaches at Texas hospitals have compromised the personal health data of millions of patients over the past year - State of Reform

Data breaches at Texas hospitals have compromised the personal health data of millions of patients over the past year – State of Reform

CHRISTUS Spohn Health System sent notifications this week to patients whose personal health information may have been breached after a sample of allegedly stolen data from his network was posted on the dark web leak site AvosLocker.

Get the latest information on state-specific policies for the healthcare sector delivered to your inbox.


The data included patient names, birth dates, social security numbers, diagnoses and other medical information.

In a statement, CHRISTUS Health reported the “unauthorized activity” on its computer network to authorities and said it was still reviewing the incident.

According to data from the US Department of Health and Human Services Office for Civil Rights (OCR), the breach at CHRISTUS Health may have affected more than 15,000 patients.

Since July 2021, 32 healthcare providers in Texas reported personal data breaches that affected more than 3.8 million patients, with the largest breach of 1.29 million people reported at Texas Tech University Health Sciences Center in June.

Dallas-based Tenet Healthcare and its subsidiary Baptist Health System reported a data breach that affected about 1.2 million of its patients in April. A class action lawsuit was filed this month in Dallas County on behalf of Texas resident Troy Contreras, one of approximately 1.2 million patients affected by the breach.

Contreras alleges that Tenet Healthcare and the Baptist Health System failed to properly notify patients of the incident or take proper precautions to prevent it. The lawsuit seeks more than $1 million in damages.

Healthcare data breaches continue to be a national problem. According to HIPAA Review693 such breaches affecting more than 41 million health records have occurred in the 12 months since March 2021.

In his last reportthe Government Accountability Office (GAO) has recommended that the OCR implement a feedback mechanism to improve the efficiency of its process for reporting health data breaches.

Based on these guidelines, OCR announced that it would implement a feedback mechanism by adding language and contact information to the confirmation email that healthcare entities receive.

The OCR will also direct its regional offices to regularly review and respond to emails received regarding the process for reporting violations.

Leave a Comment

Your email address will not be published.