Cyber Incident Victim: Dallam Hartley Counties Hospital District
Date:
Sep 2022
Location:
United States of America
Summary
Dallam Hartley Counties Hospital District experienced a data breach where an unauthorized party accessed its computer network, compromising confidential patient information including names, Social Security numbers, health insurance details, demographic data, and medical records. The Texas-based healthcare provider detected the intrusion, secured its systems, engaged law enforcement and cybersecurity experts, and confirmed that specific files were exfiltrated during the incident. Following an internal review to identify affected individuals, the organization notified impacted patients of the exposure. The breach highlights risks of healthcare identity theft and fraud stemming from unauthorized access to protected health information.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On September 28, 2022, Dallam Hartley Counties Hospital District (DHCHD) discovered a potential data security incident affecting portions of its computer network. The organization immediately initiated containment protocols, notified law enforcement agencies, and engaged a third-party cybersecurity forensic firm to investigate the breach. Forensic analysis confirmed unauthorized access to DHCHD's systems occurred between September 27-28, 2022, during which threat actors exfiltrated files containing protected patient information. The compromised data included patient names, Social Security numbers, health insurance details, demographic information, and medical records. DHCHD conducted a comprehensive review of the affected files to identify impacted individuals and the specific types of data exposed per patient. On November 23, 2022, the organization formally reported the breach to the U.S. Department of Health and Human Services Office for Civil Rights and simultaneously mailed data breach notification letters to all affected patients. The hospital district also published a Notice of Data Incident on its official website to provide public transparency about the event.
The breach exposed sensitive health information of patients across DHCHD's network of healthcare facilities, including Coon Memorial Hospital, Dalhart Physical Therapy and Sports Medicine, Dalhart Family Medicine Clinic, and four other affiliated medical providers in the Dalhart, Texas region. Forensic investigators determined the attackers specifically targeted and removed files containing confidential patient data, though the exact number of affected individuals remains undisclosed. As a healthcare provider generating $23 million annually with over 223 employees, the incident impacted multiple operational divisions within the hospital district's infrastructure. The compromised information types—particularly Social Security numbers and medical records—created significant risks for identity theft and healthcare fraud against patients. DHCHD's response included coordinated efforts with cybersecurity professionals to secure systems, regulatory compliance through timely HHS reporting, and direct patient communications outlining the breach's scope. No additional details regarding attacker methodologies, network vulnerabilities, or post-incident security enhancements were disclosed in the available public filings and notices.