In September 2024, Texas Tech University Health Sciences Center (TTUHSC) and its El Paso branch experienced a significant cybersecurity incident that compromised the personal information of approximately 1.4 million individuals.

Incident Overview

The breach occurred between September 17 and September 29, 2024, leading to temporary disruptions in computer systems and applications. An investigation revealed unauthorized access resulting in the removal of certain files and folders from the HSCs' network.

Data Compromised

The compromised information varies by individual but may include:

• Personal Information: Names, dates of birth, addresses, Social Security numbers, driver's license numbers, and government-issued identification numbers.

• Financial Information: Financial account details.

• Health Information: Health insurance details, medical record numbers, billing and claims data, and diagnosis and treatment information.

Threat Actor Involvement

The Interlock ransomware group has claimed responsibility for this attack, alleging the theft of approximately 2.6 terabytes of data, including patient information, medical research, and multiple SQL databases.

Institutional Response

Upon discovering the breach, TTUHSC took immediate steps to secure its network and initiated a comprehensive investigation. The institution is in the process of notifying affected individuals and is offering complimentary credit monitoring services. Additionally, TTUHSC is reviewing existing security policies and implementing further safeguards to enhance system protection and monitoring.

Recommendations for Affected Individuals

Individuals potentially impacted by this breach are advised to:

• Monitor Financial Accounts: Regularly review bank statements and credit reports for any unauthorized activity.

• Check Health Records: Examine health insurance billing statements for discrepancies or unfamiliar services.

• Utilize Credit Monitoring: Take advantage of the credit monitoring services provided by TTUHSC.

• Report Suspicious Activity: Immediately report any signs of identity theft or fraud to the relevant financial institutions and authorities.

Conclusion

This incident underscores the critical importance of robust cybersecurity measures within educational and healthcare institutions. The sensitive nature of the data involved necessitates ongoing vigilance and proactive steps to safeguard against future cyber threats.

Disclaimer: ClearPhish maintains a strict policy of not participating in the theft, distribution, or handling of stolen data or files. The platform does not engage in exfiltration, downloading, hosting, or reposting any illegally obtained information. Any responsibility or legal inquiries regarding the data should be directed solely at the responsible cybercriminals or attackers, as ClearPhish is not involved in these activities. We encourage parties affected by any breach to seek resolution through legal channels directly with the attackers responsible for such incidents.