• 5
  • Hospitals
  • 5
  • TX
  • 5
  • Self-insured group health plans sponsored by the City of Dallas

Self-insured group health plans sponsored by the City of Dallas

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

The breach at the self-insured group health plans sponsored by the City of Dallas, TX, was a significant cybersecurity incident that affected 30,253 individuals. This breach was part of a ransomware attack that the city disclosed, with the U.S. Department of Health and Human Services (HHS) opening an investigation into the matter. The breach was reported to HHS on August 3, 2023, indicating that personal information accessed included names, addresses, Social Security information, medical and health insurance information, among other data[1].

The ransomware group Royal was identified as responsible for the attack, threatening to leak city employees’ personal information. In response, the City of Dallas sent out approximately 27,000 letters to employees, offering free credit monitoring and identity theft insurance for two years[1]. Despite the city’s efforts to address the breach, there was criticism regarding the transparency and timeliness of the city’s communication about the extent of the data compromised[1][3].

The City Council approved nearly $8.6 million to address the aftermath of the breach, covering costs for hardware, software, and consulting services[3]. This incident highlights the growing threat of ransomware attacks on public entities and the critical importance of cybersecurity measures to protect sensitive information.

The breach’s impact extended beyond the immediate financial and operational disruptions, affecting the trust and privacy of thousands of individuals whose personal information was compromised. The ongoing investigation by HHS’s Office of Civil Rights underscores the seriousness of the breach and the need for compliance with HIPAA privacy, security, and breach notification rules[1].

This incident serves as a stark reminder of the vulnerabilities that exist within municipal systems and the need for robust cybersecurity defenses and protocols to safeguard against such attacks. The City of Dallas’s experience underscores the importance of preparedness, rapid response, and transparent communication in managing and mitigating the effects of cyber incidents[1][3].

Citations:

  1. https://www.keranews.org/government/2023-08-17/city-of-dallas-ransomware-attack-30000-affected
  2. https://www.humana.com
  3. https://www.governing.com/security/dallas-to-reveal-cyber-attack-details-this-week
  4. https://www.multiplan.us
  5. https://www.wfaa.com/article/news/local/city-dallas-99-restored-ransomware-attack-30253-people-impacted/287-073bd690-c1ae-493a-80d0-81880fc4d15e
  6. https://www.cdc.gov/vaccines/programs/bridge/index.html
  7. https://www.dallasnews.com/news/politics/2023/08/17/federal-agency-investigating-dallas-ransomware-attack-number-impacted-up-to-30253/
  8. https://medicalcityhealthcare.com/locations/medical-city-arlington/
  9. https://www.govtech.com/security/dallas-ransomware-victim-count-climbs-feds-investigate
  10. https://krebsonsecurity.com
  11. https://www.dallasnews.com/news/politics/2024/01/11/ransomware-dallas-says-cyberattack-targeted-more-people-than-previously-disclosed/
  12. https://www.propublica.org/article/ugly-truth-behind-we-buy-ugly-houses
  13. https://www.sangfor.com/blog/cybersecurity/dallas-ransomware-attack-affects-30253-people
  14. https://www.labcorp.com
  15. https://dallascityhall.com/DCH%20Documents/dallas-ransomware-incident-may-2023-incident-remediation-efforts-and-resolution.pdf
  16. https://www.pattersondental.com
Breach Submission Date Aug 03, 2023
Converted Entity Name Self-insured group health plans sponsored by the City of Dallas
Converted Entity Type Health Plan
State TX
Individuals Affected 30,253
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes