Harris County Hospital District d/b/a Harris Health System

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

The Harris Health System, a public healthcare provider in Harris County, Texas, experienced a significant data breach related to vulnerabilities in the MOVEit file transfer software. This incident, which came to light in June 2023, exposed sensitive information of patients and employees, including Social Security numbers, immigration status, and details related to medical treatment. The breach was part of a larger cyberattack that affected various organizations worldwide, attributed to a Russian ransomware group exploiting the MOVEit software[1][3].

Harris Health System responded to the breach by implementing security safeguards to address the MOVEit vulnerability and initiated an investigation with third-party experts to understand the full scope of the incident. The organization began notifying affected individuals on July 21, 2023, and offered complimentary credit monitoring and identity theft protection services to those whose Social Security numbers were compromised[3][7].

The breach did not impact Harris Health’s electronic medical records or financial account information of patients. Operations and patient care services remained fully functional despite the incident[3][7]. Harris Health System has taken steps to enhance its secure file transfer protocols to prevent future breaches[7].

This incident is part of a larger trend of cyberattacks targeting healthcare systems, underscoring the importance of robust cybersecurity measures to protect sensitive patient information[3].

Citations:

  1. https://abc13.com/moveit-breach-harris-health-system-cyberattack-houston-patient-info-exposed/13419649/
  2. https://www.harrishealth.org/about-us-hh/news/Pages/harris-health-system-notifies-patients-of-privacy-breach.aspx
  3. https://www.offthekuff.com/wp/?p=110802
  4. https://www.reddit.com/r/houston/comments/15g2h9r/harris_health_system_major_data_leak/
  5. https://abc13.com
  6. https://www.houstonchronicle.com/health/article/harris-health-patient-information-exposed-18254699.php
  7. https://www.harrishealth.org/about-us-hh/news/Pages/notice-to-patients-of-moveit-incident.aspx
  8. https://www.click2houston.com/news/local/2023/11/09/harris-center-for-mental-health-recovering-from-suspected-cyber-attack/
  9. https://www.texasattorneygeneral.gov/consumer-protection
  10. https://www.turkestrauss.com/2023/07/26/harris-health-system-data-breach-investigation/
  11. https://www.harrishealth.org/patients/privacy-information-security
  12. https://www.houstonpublicmedia.org/articles/news/health-science/2023/11/09/469042/harris-county-mental-health-provider-targeted-in-suspected-ransomware-attack/
  13. https://nypost.com/2024/02/13/opinion/kamala-harris-says-shes-ready-to-serve-what-could-be-scarier/
  14. https://www.click2houston.com/news/local/2023/09/12/thousands-of-houston-healthcare-patients-warned-about-massive-data-breach/
  15. https://abc13.com/the-harris-center-for-mental-health-cyber-attack-patient-delays-employee-files-inaccessible/14049544/
  16. https://healthitsecurity.com/news/several-healthcare-data-breaches-unfold-from-moveit-transfer-cyberattack
  17. https://www.politico.com/news/magazine/2024/02/02/joe-biden-30-policy-things-you-might-have-missed-00139046
  18. https://law.justia.com/cases/federal/appellate-courts/ca5/22-20659/22-20659-2023-12-14.html
  19. https://www.theharriscenter.org/notice-data-security-incident
  20. https://www.houstonchronicle.com/news/houston-texas/houston/article/osteen-lakewood-church-shooting-updates-18662128.php
  21. https://casetext.com/case/vaughn-v-harris-cnty-hosp-dist-1
  22. https://www.nbcnews.com
  23. https://www.harrishealth.org/SiteCollectionDocuments/retirees/HIPAA-notice-of-privacy-practices.pdf
  24. https://atriumhealth.org
  25. https://casetext.com/case/united-states-v-harris-cnty-hosp-dist
Breach Submission Date Jul 21, 2023
Converted Entity Name Harris County Hospital District d/b/a Harris Health System
Converted Entity Type Healthcare Provider
State TX
Individuals Affected 455,676
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes