Cyber Incident Victim: The Center for Health Care Services

The Center for Health Care Services (CHSC), a mental health services provider based in San Antonio, experienced a large-scale cyberattack during the week preceding December 25, 2019. In response to the incident, CHSC proactively shut down computing systems across all its clinical facilities to contain the threat and prevent further network compromise. The attack occurred during the pre-holiday period, a timeframe when threat actors historically intensify offensive operations against critical infrastructure sectors. While the specific attack vector and malware family were not disclosed publicly, the organization’s decisive containment action disrupted normal clinical operations. No explicit details regarding patient data exfiltration, ransomware deployment, or financial demands were confirmed in available reports. CHSC’s incident coincided with heightened cyber targeting of the U.S. healthcare sector throughout December 2019.

Multiple healthcare organizations faced similar disruptions during the same period, including Roosevelt General Hospital in New Mexico, which discovered malware on a digital imaging server containing patient information on November 14, 2019. Broader industry reporting indicated healthcare providers such as the Colorado Department of Human Services, Sinai Health System, Cheyenne Regional Medical Center, Children's Hope Alliance, and RiverKids Pediatric Home Health experienced data breaches that month. Cyberattacks against healthcare entities during this timeframe carried documented risks of operational paralysis, sensitive data exposure, ransomware-induced system encryption, and potential threats to patient safety due to delayed or disrupted medical services. CHSC’s system shutdown represented a direct operational impact consistent with sector-wide patterns of defensive responses to severe cyber intrusions.