Texas Tech University Data Breach Affects 1.4M Patients

Texas Tech University Health Sciences Center (TTUHSC) and its El Paso division have suffered a massive data breach impacting the personal information of over 1.4 million patients. The cyberattack, which occurred between September 17 and September 29, 2024, disrupted the university’s computer systems and may have compromised sensitive data, including Social Security numbers, financial information, and medical records.

In an official statement, TTUHSC confirmed the breach and announced measures to address the fallout, including notifying affected individuals and offering complimentary credit monitoring services. The attack, claimed by the Interlock ransomware gang, led to the theft of 2.6 terabytes of data.

According to BleepingComputer, the stolen information is now reportedly available for download on dark web extortion portals, posing significant risks of identity theft and fraud.

Interlock, a relatively new ransomware group, is known for targeting FreeBSD servers and has demanded ransoms equaling millions of dollars. Images of stolen documents were posted on Interlock’s leak site, though TTUHSC has not confirmed the exact data leaked. This incident follows other recent cases of ransomware targeting US healthcare institutions.

In response to the attack, TTUHSC initiated an investigation and implemented additional safeguards to prevent similar incidents. A statement from the university outlined their efforts to enhance system monitoring and improve security protocols.

TTUHSC has urged patients to monitor their credit reports and health insurance statements for suspicious activity and errors, and to report any potential fraud.

Experts also recommend avoiding phishing attacks by being cautious of unknown email links and ensuring all devices are protected with updated antivirus software. This incident adds to the growing list of healthcare-related breaches in recent months, spotlighting the urgent need for improved cybersecurity measures within the industry.

With critical data exposed and trust shaken, the breach serves as a stark reminder of the vulnerabilities in modern digital systems and the dire consequences of insufficient protection against cyber threats.