Cyber Incident Victim: Questcare Medical Services

On February 13, 2019, Questcare Medical Services identified unauthorized access to an employee's email account by a third party, triggering a security incident affecting patients in the Dallas/Fort Worth/Arlington region of North Texas. The organization initiated an internal investigation following the discovery but did not publicly disclose the breach until April 12, 2019. The compromised email account contained personal information belonging to patients, though the specific data elements exposed were not detailed in public statements. Questcare did not reveal how the unauthorized access was detected or whether the breach involved malware, phishing, or other attack vectors. The timeline between the initial intrusion (February 13) and public notification (April 12) suggests a 58-day investigation period before confirmation of impacted individuals.

Questcare formally notified potentially affected patients following its internal review, though the total number of individuals impacted remains undisclosed. The organization implemented additional security measures to prevent future incidents but provided no technical specifics regarding these enhancements. Geographic impact was confined to patients in North Texas, with no evidence suggesting broader national exposure. No ransomware demands, data misuse, or fraudulent activity tied to the breach were reported in available sources. The incident description parallels a contemporaneous breach at Dakota County, Minnesota, though no direct connection between the two events was established. Questcare's public response consisted of a brief statement acknowledging the incident without detailing remediation offers to affected patients such as credit monitoring.