Northwest Texas Healthcare System releases information about late 2021 breach which involved patients’ protected health information

AMARILLO, Texas (KAMR/KCIT) — Officers with the Northwest Texas Health care Procedure unveiled details about a breach in late 2021 that involved secured health and fitness data for the system’s patients.

According to a “vendor breach celebration notice” printed on Thursday, officers explained that Adelanto Healthcare Ventures LLC, a consulting firm that is effective for just one of the system’s small business associates and a company that supplies “transactional advisory support” for the system, became mindful of two email accounts staying accessed as a result of a “phishing incident” in November 2021.

Officials claimed originally, they did not believe that the incident concerned the Northwest Texas Healthcare System. In December 2021, AHCV contacted a previous employee of the system that guarded health and fitness information and facts was discovered in the impacted email accounts and “potentially available through the incident.” It was not right up until August 2022 that a company affiliate of the method discovered that sure information and facts could have been concerned in the phishing incident.

Just after studying of the incident, the affiliate, not determined by the Northwest Texas Health care Process, commenced an investigation. But the associate did not obtain “sufficient information” to conduct the investigation until finally late December 2022.

“There is no proof to date to advise that the PHS was copied or misused, but our business enterprise linked notified our Corporation of the incident on January 28, 2023,” the observe reads. “Once we acquired this observe, we labored with our business enterprise affiliate to get the ways necessary to deliver notification to persons.”

Officers explained the email messages concerned in the phishing incident possibly contained some or all of the subsequent info from the system’s sufferers, including:

• Patient’s comprehensive title
• Facility title
• Medicaid assert ID
• Medicaid customer ID
• Care program name
• Medicaid program
• Gender
• Day of delivery
• Admission and discharge day
• Professional medical and analysis info
• Psychological overall health comorbidity (if any).

Officers stressed that the e-mail did not comprise social stability numbers, credit history card numbers, or other financial facts.

The procedure explained that notification letters bordering this detect started to be mailed on March 29. They also mentioned that AHCV is reportedly expanding its safety steps and assessing more education for its workforce. The unnamed organization associate has also reportedly “counseled its personal workforce on the incident and greatest procedures.”

“While we are unaware of any precise or tried misuse of PHI, we are supplying impacted people 12 months of world wide web surveillance and identity restoration solutions through Experian at no charge,” the discover read through. “Individuals can refer to their notification letter for enrollment guidance.”

The notice said that people with added inquiries are questioned to contact 800-910-4035, a dedicated line open from 8 a.m. to 10 p.m. Monday by means of Friday, and from 12 p.m. to 7 p.m. on Saturday and Sunday, excluding holidays. Officials reported the line will remain open up until finally July 31.

“If you did not get a letter, but would like to know if you had been afflicted, you should get in touch with our devoted assistance line,” the see examine.