Harris County Hospital District d/b/a Harris Health System
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
The Harris Health System, a public healthcare provider in Harris County, Texas, experienced a significant data breach related to vulnerabilities in the MOVEit file transfer software. This incident, which came to light in June 2023, exposed sensitive information of patients and employees, including Social Security numbers, immigration status, and details related to medical treatment. The breach was part of a larger cyberattack that affected various organizations worldwide, attributed to a Russian ransomware group exploiting the MOVEit software[1][3].
Harris Health System responded to the breach by implementing security safeguards to address the MOVEit vulnerability and initiated an investigation with third-party experts to understand the full scope of the incident. The organization began notifying affected individuals on July 21, 2023, and offered complimentary credit monitoring and identity theft protection services to those whose Social Security numbers were compromised[3][7].
The breach did not impact Harris Health’s electronic medical records or financial account information of patients. Operations and patient care services remained fully functional despite the incident[3][7]. Harris Health System has taken steps to enhance its secure file transfer protocols to prevent future breaches[7].
This incident is part of a larger trend of cyberattacks targeting healthcare systems, underscoring the importance of robust cybersecurity measures to protect sensitive patient information[3].
Citations:
- https://abc13.com/moveit-breach-harris-health-system-cyberattack-houston-patient-info-exposed/13419649/
- https://www.harrishealth.org/about-us-hh/news/Pages/harris-health-system-notifies-patients-of-privacy-breach.aspx
- https://www.offthekuff.com/wp/?p=110802
- https://www.reddit.com/r/houston/comments/15g2h9r/harris_health_system_major_data_leak/
- https://abc13.com
- https://www.houstonchronicle.com/health/article/harris-health-patient-information-exposed-18254699.php
- https://www.harrishealth.org/about-us-hh/news/Pages/notice-to-patients-of-moveit-incident.aspx
- https://www.click2houston.com/news/local/2023/11/09/harris-center-for-mental-health-recovering-from-suspected-cyber-attack/
- https://www.texasattorneygeneral.gov/consumer-protection
- https://www.turkestrauss.com/2023/07/26/harris-health-system-data-breach-investigation/
- https://www.harrishealth.org/patients/privacy-information-security
- https://www.houstonpublicmedia.org/articles/news/health-science/2023/11/09/469042/harris-county-mental-health-provider-targeted-in-suspected-ransomware-attack/
- https://nypost.com/2024/02/13/opinion/kamala-harris-says-shes-ready-to-serve-what-could-be-scarier/
- https://www.click2houston.com/news/local/2023/09/12/thousands-of-houston-healthcare-patients-warned-about-massive-data-breach/
- https://abc13.com/the-harris-center-for-mental-health-cyber-attack-patient-delays-employee-files-inaccessible/14049544/
- https://healthitsecurity.com/news/several-healthcare-data-breaches-unfold-from-moveit-transfer-cyberattack
- https://www.politico.com/news/magazine/2024/02/02/joe-biden-30-policy-things-you-might-have-missed-00139046
- https://law.justia.com/cases/federal/appellate-courts/ca5/22-20659/22-20659-2023-12-14.html
- https://www.theharriscenter.org/notice-data-security-incident
- https://www.houstonchronicle.com/news/houston-texas/houston/article/osteen-lakewood-church-shooting-updates-18662128.php
- https://casetext.com/case/vaughn-v-harris-cnty-hosp-dist-1
- https://www.nbcnews.com
- https://www.harrishealth.org/SiteCollectionDocuments/retirees/HIPAA-notice-of-privacy-practices.pdf
- https://atriumhealth.org
- https://casetext.com/case/united-states-v-harris-cnty-hosp-dist