Endocrine and Psychiatry Center

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

The Endocrine and Psychiatry Center, located in Texas, experienced a data breach that was discovered prior to March 20, 2023. The breach affected 28,531 individuals, compromising sensitive personal information including full names, Social Security numbers, driver’s licenses or other government identification numbers, dates of birth, financial account information, credit or debit card information, treatment/diagnosis information, and health insurance information[3][5].

The breach involved data generated before 2017, and a comprehensive review of the affected files was concluded on October 15, 2023[5]. The Center began informing individuals of the breach through mailed notice letters[3]. The information stolen is considered valuable and could potentially lead to identity theft or other fraudulent activities[3].

The incident was reported to the Maine Attorney General’s Office as an “External system breach (hacking)”[7][9]. There is an ongoing investigation by Migliaccio & Rathod LLP into the breach[3]. Additionally, there has been some controversy regarding the Center’s reporting of the breach, with suggestions that the breach may have been reported as a hack when it was actually due to the data being improperly secured[7][11].

Affected individuals were offered complimentary credit monitoring services if their Social Security number was impacted[9]. The Endocrine and Psychiatry Center has faced criticism for the way the breach was disclosed and handled, with concerns about the accuracy of the reported number of affected individuals and the timing of the discovery and notification[7].

Citations:

  1. https://abingtonlaw.com/Endocrine-Psychiatry-Center-Data-Breach-class-action-lawsuit.html
  2. https://cookcountyhealth.org/join-our-team/
  3. https://classlawdc.com/2023/11/15/endocrine-and-psychiatry-center-data-breach-investigation/
  4. https://www.nejm.org/doi/full/10.1056/NEJMoa2307563
  5. https://www.hipaajournal.com/healthcare-data-breach-round-up-november-16-2023/
  6. https://walterreed.tricare.mil
  7. https://www.databreaches.net/does-claiming-you-were-hacked-when-you-had-really-just-screwed-up-violate-the-ftc-act/
  8. https://www.huntingtonhealth.org
  9. https://apps.web.maine.gov/online/aeviewer/ME/40/d68fcc57-f7a4-4e71-a320-68f2e4c9aa37.shtml
  10. https://horseshoe.musc.edu
  11. https://www.databreaches.net/no-need-to-hack-when-682000-medical-records-are-leaking-monday-edition/
  12. https://www.chron.com/news/houston-texas/article/cyberattack-houston-harris-county-texas-18330891.php
  13. https://apps.web.maine.gov/online/aeviewer/ME/40/d68fcc57-f7a4-4e71-a320-68f2e4c9aa37/eba6f7c2-fa47-4bcc-b4a8-ec6dcfe4d504/document.html
  14. https://www.defensorum.com/data-breaches-at-medical-eye-services-peakmed-prospect-medical-services-and-4-more-healthcare-providers/
Breach Submission Date Nov 14, 2023
Converted Entity Name Endocrine and Psychiatry Center
Converted Entity Type Healthcare Provider
State TX
Individuals Affected 28,531
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes