Cyber Incident Victim: Texas ENT Specialists
Date:
Aug 2021
Location:
United States of America
Summary
A ransomware attack compromised Texas ENT Specialists, with unauthorized access occurring over several days and resulting in data exfiltration. The breach impacted approximately 535,000 individuals, exposing protected health information such as names, dates of birth, medical record numbers, and procedure codes; a subset also had Social Security numbers stolen, though electronic medical records remained unaffected. Affected individuals were notified months later, with those experiencing Social Security number exposure offered complimentary credit monitoring services. The organization implemented enhanced security measures and monitoring following the incident.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Texas Ear, Nose & Throat Specialists P.A. (Texas ENT Specialists) detected a cyberattack on October 19, 2021, prompting immediate action to halt unauthorized system access. The organization engaged a third-party cybersecurity firm to investigate the incident. Forensic analysis determined attackers initially breached the systems on August 9, 2021, maintaining access until August 15, during which they copied and exfiltrated files. A subsequent review of compromised files confirmed the theft of protected health information belonging to 535,489 patients. The stolen data included names, dates of birth, medical record numbers, and procedure codes. A subset of individuals additionally had their Social Security numbers exposed in the breach. The attackers did not compromise Texas ENT Specialists' electronic medical record system, which remained unaffected throughout the incident. The unauthorized access period spanned six days, allowing extensive data exfiltration before detection. No ransomware deployment or encryption of systems was mentioned in the disclosed findings. The delay between initial intrusion (August 9) and detection (October 19) indicated a 71-day dwell time before discovery.
Texas ENT Specialists mailed breach notification letters to all affected individuals on December 10, 2021, approximately seven weeks after detecting the incident. Patients whose Social Security numbers were stolen received offers for complimentary membership to Experian’s identity theft monitoring service. The organization publicly confirmed implementing additional technical security measures following the attack, though specific controls were not detailed. Strengthening of its privacy and information security program was cited as a corrective action. No evidence suggested patient data misuse beyond the confirmed exfiltration. The breach response included collaboration with cybersecurity experts for forensic analysis and remediation. Operational impacts beyond data theft were not disclosed in available reports. Notification timing complied with HIPAA’s 60-day requirement from discovery (October 19) to notification (December 10). The incident exclusively affected Texas ENT Specialists’ systems, with no reported third-party business associate involvement.