Cyber Incident Victim: Baylor Scott & White Medical Center
Date: Sep 2018
Location: United States of America
Summary
A cybersecurity incident at Baylor Scott & White Medical Center – Frisco impacted approximately 47,000 patients due to a breach at a third-party billing vendor's payment system. Unauthorized access occurred over a one-week period, potentially exposing names, contact details, dates of birth, medical record numbers, insurance information, partial credit card data (including last four digits, CVV, and card type), transaction details, and account balances. The hospital's internal systems and medical records remained unaffected, with no evidence of Social Security number compromise or subsequent misuse of the exposed data. The organization terminated the vendor's payment processing services upon discovery and provided affected individuals with complimentary credit monitoring for one year through TransUnion Interactive.
Description
On September 29, 2018, Baylor Scott & White Medical Center – Frisco, a joint venture managed by United Surgical Partners International (USPI) and affiliated with Baylor Scott & White Health, discovered unauthorized access to a third-party vendor's credit card processing system used for patient billing. The hospital promptly terminated credit card processing through the vendor and initiated an investigation, which determined the intrusion occurred between September 22 and September 29, 2018. Approximately 47,000 patients or guarantors were affected by the breach of payment information. The compromised vendor system contained partial credit card details but did not store complete Social Security numbers or medical record information. No evidence indicated further disclosure or misuse of the accessed data by unauthorized parties following containment.

The breach exposed personal and financial data including names, mailing addresses, telephone numbers, dates of birth, medical record numbers, dates of service, insurance provider details, account numbers, last four digits of credit cards, CCV numbers, credit card types, recurring payment dates, account balances, invoice numbers, and transaction statuses. Clinical systems and medical information remained unaffected, with no impact to other Baylor Scott & White facilities. As a precaution, the hospital arranged complimentary one-year credit monitoring services through TransUnion Interactive. Affected individuals were notified via mailed letters and directed to a dedicated phone line (1-833-836-9900) for inquiries during specified weekday hours. Baylor Scott & White and USPI emphasized their commitment to safeguarding information while confirming the incident was isolated to the third-party vendor's compromised payment infrastructure.
