Texas Tech University Health Center reports third-party data breaches affecting 1.3 million patients | Console and Associates, PC

The Texas Tech University Health Science Center (“TTUHSC”) recently confirmed a data breach by Eye Care Leaders, TTUHSC’s third-party vendor, after reporting a data security incident affecting its computer systems. TTUHSC breach More than 1.3 million patients‘names, Social Security numbers, addresses, phone numbers, driver’s license numbers, email addresses, birth dates, medical record numbers, and health insurance information were compromised. On June 7, 2022, the Texas Tech University Health Science Center sent out breach notification letters to all patients affected by recent violations.

If you have received a notification of a data breach, it is essential to understand what is at stake and what you can do about it. To learn how to protect yourself from becoming a victim of fraud or identity theft and find out what your legal options are as a result of a breach of the Texas Tech University Health Center data breach, see our latest article on this topic. here.

Learn more about Texas Tech University Health Science Center Data Violation

Based on information provided by the Texas Tech University Health Science Center, the TTUHSC breach was the result of a data security incident by Eye Care Leaders, a third-party vendor of TTUHSC based on Electronic Health Record Management services.

Clearly, on April 19, 2022, Eye Care Leaders reported to the Texas Tech University Health Science Center that he had suffered a cyberattack. Clearly, Eye Care Leaders detected the first breach on December 4, 2021, at which point the company secured its systems and launched an investigation into the incident. Eye Care Leaders says they had the incident within 24 hours. However, the company’s investigation into the breach confirmed that there was sensitive patient information in the files at risk.

Following the third-party breach, the Texas Tech University Health Science Center conducted a thorough review of all affected files to determine which patients were affected and what information was leaked. Although the violated information varies from individual to individual, your name, address, telephone number, driver’s license number, email address, gender, date of birth, medical registration number, health insurance information, appointment information, social security number, and Texas Tech University Health Science Center medical information related to ophthalmology services obtained through.

On June 7, 2022, the Texas Tech University Center for Health Sciences began sending data breach letters to all individuals who endangered information as a result of the latest data security incident. TTUHSC also posted a notice of the violation on its website.

Texas Tech University Health Science Center is a public medical school based in Lubbock, Texas. TTUHSC is a separate institution from Texas Tech University; however, both universities are part of the Texas Tech University System. TTUHSC operates five schools, including the TTUHSC Medical School with campuses in Amarillo, Lubbock and Odessa; TTUHSC School of Nursing with the Abilene, Lubbock and Odessa campuses; TTUHSC Health Vocational Schools with campuses in Amarillo, Lubbock, Midland and Odessa; Jerry H. Hodge School of Pharmacy with the Abilene, Amarillo, Lubbock, and Dallas campuses; and the TTUHSC Graduate School of Biomedical Sciences with the Abilene, Amarillo, and Lubbock campuses. TTUHSC has approximately 4,600 full-time students and provides patients living in more than 100 counties in western Texas.

The Eye Care Leaders data breach and liability for third party data breaches

Eye Care Leaders ’data breach is well known at the moment. TTUHSC is not the only organization that has leaked patient information as a result of Eye Care Leaders Breach. In fact, after counting 1.3 million TTUHSC patients, the number of patients affected by Eye Care Leaders data breaches is now over 1.9 million.

The HIPAA Journal has recently compiled a list of all practices that report third-party data breaches as a result of the Eye Care Leader violation, summarized below:

  • Texas Tech University Health Science Center – 1,290,104 patients

  • Regional Eye Associates, Inc. of West Morgantown, West Virginia. & Surgical Eye Center – 194,035 patients

  • Precision Eye Care Missouri in 58,462 patients

  • Shoreline Eye Group Connecticut – 57,047 patients

  • Summit Eye Associates in Tennessee – 53,818 patients

  • AU Health Georgian – 50,631 patients

  • Illinois Finkelstein Eye Associates – 48,587 patients

  • Moyes Eye Center, Missouri Computer – 38,000 patients

  • Alabama McCoy Vision Center – 33,930 patients

  • Frank Eye Center in Kansas – 26,333 patients

  • Lori A. Harkins MD, PC dba Harkins Eye Clinic Nebraska – 23,993 patients

  • Allied Eye Physicians & Surgeons Ohion – 20,651 patients

  • EvergreenHealth Washington – 20,533 patients

  • Sylvester Eye Care in Oklahoma – 19,377 patients

  • Arkfeld, Parson and Goldstein, Ilumin dba of Nebraska – 14,984 patients

  • Kansas City Associate Ophthalmologist, Missouri PC – 13,461 patients

  • 8,000 patients in Northern Eye Care Associates Michigan

  • Ad Astra Eye Arkansas – 3,684 patients

  • Fishman Vision California – 2,646 patients

  • Burman & Zuckerbrod Ophthalmology Associates, PC Michigan – 1,337 patients

This raises the question of who is responsible for a third-party data breach, such as a breach of Eye Care Leaders. Under U.S. data breach laws, all organizations with consumer data have a duty to protect the information they hold. This includes organizations that receive information directly from consumers (i.e., TTUHCS) and third-party vendors (i.e., Eye Care Leaders).

In the case of TTUHSC data breach, there is no indication that TTUHSC was negligent in maintaining its data security systems. However, according to future evidence, it is possible that TTUHSC may negatively disclose consumer data to Eye Care Leaders. For example, this could happen if TTUHSC had reason to believe that Eye Care Leaders’ servers were unsafe or that the company had a history of data security issues. Of course, Eye Care Leaders could also be held liable for the breach if it is proven that the company was negligent in managing consumer data.

Organizations and their data security systems are the first line of defense against cyberattacks. Organizations that choose not to maintain a strong data security system pose a high risk to consumer privacy and must be held accountable for their wrong priorities.

Leave a Comment