United Regional Health Care System

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

The United Regional Health Care System in Texas experienced a data breach where an unauthorized person gained access to a United Regional employee’s email account in July 2019. The breach was discovered and the account was secured quickly, and a computer forensic firm was hired to assist with the investigation. By December 20, 2019, it was determined that patient information could have been accessed, although there was no indication that the information was actually viewed or misused. Out of caution, United Regional began mailing letters to affected patients on February 18, 2020. The system receives approximately 92,000 emails daily, with 89% being blocked by security procedures[1].

In a separate incident, United Regional Health Care System reported another data breach to the Texas Attorney General that occurred on May 30, 2023, affecting 36,905 people. The breach involved medical information, health insurance details, and dates of birth. Affected individuals were notified by letter[4].

Additionally, United Regional Health Care System was involved in a lawsuit against the U.S. Department of Health and Human Services (HHS) over online tracking rules. The American Hospital Association (AHA) and other plaintiffs, including United Regional, filed a lawsuit challenging HHS guidance on the use of online tracking technologies on public-facing websites, arguing that the rule was a “gross overreach by the federal bureaucracy” and that it harmed the public by restricting access to vital health information[9][14].

For more detailed information on the breach and the response from United Regional Health Care System, individuals can refer to the official statements and notifications provided by the organization[1][4].

Citations:

  1. https://www.newschannel6now.com/2020/02/19/united-regional-addresses-patient-record-breach/
  2. https://www.federalregister.gov/documents/2011/03/10/2011-5529/united-states-and-state-of-texas-v-united-regional-health-care-system-proposed-final-judgment-and
  3. https://www.jdsupra.com/legalnews/united-healthcare-services-inc-2892704/
  4. https://www.classaction.org/data-breach-lawsuits/united-regional-health-care-system-november-2023
  5. https://www.naag.org/multistate-case/u-s-and-texas-v-united-regional-healthcare-system-no-711-cv-00030-n-d-tex-feb-25-2011/
  6. https://www.bankinfosecurity.com/aha-sues-feds-over-privacy-warning-about-web-tracker-use-a-23544
  7. https://unitedregional.org/privacy-practices-and-compliance/
  8. https://www.idstrong.com/sentinel/texas-medical-center-data-breach-exposes-patient-info/
  9. https://www.healthcareitnews.com/news/aha-files-suit-against-against-hhs-over-online-tracking-rules
  10. https://www.justice.gov/opa/pr/justice-department-reaches-settlement-texas-hospital-prohibiting-anticompetitive-contracts
  11. https://www.fox26houston.com/news/unitedhealthcare-data-breach-officials-warning-texas-residents-about-incident
  12. https://www.click2houston.com/news/local/2023/09/12/thousands-of-houston-healthcare-patients-warned-about-massive-data-breach/
  13. https://www.justice.gov/atr/case/us-and-state-texas-v-united-regional-health-care-system
  14. https://www.hipaajournal.com/aha-files-lawsuit-challenging-hhs-guidance-on-tracking-technologies/
  15. https://www.databreaches.net/united-regional-sends-letters-to-patients-about-information-breach/
  16. https://www.mass.gov/doc/assigned-data-breach-number-31067-united-regional-health-care-systems-12-4-23/download
  17. https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
Breach Submission Date Jan 26, 2024
Converted Entity Name United Regional Health Care System
Converted Entity Type Healthcare Provider
State TX
Individuals Affected 36,900
Breach Type Hacking/IT Incident

Breach Information Location Other

Business Associate Present Yes