Cyber Incident Victim: AccelHealth

On December 15, 2021, Cross Timbers Health Clinics, operating as AccelHealth, experienced a ransomware attack that disrupted access to specific files and folders within its network. The Federally Qualified Health Center, based in Brownwood, Texas, initiated an investigation with third-party forensic specialists, revealing unauthorized actors first infiltrated the network on December 9, 2021. Attackers maintained network access for six days, during which they potentially viewed or obtained files containing sensitive patient information. A comprehensive review of compromised systems confirmed the exposure of protected health information belonging to 48,126 individuals. The forensic analysis identified no evidence of data exfiltration from AccelHealth’s systems.

The compromised data included patient names, addresses, dates of birth, Social Security numbers, driver’s license numbers, financial account details, health insurance information, medical record numbers, and treatment or diagnosis records. AccelHealth stated no reports indicated actual or attempted misuse of patient data at the time breach notifications were issued. In response, the organization implemented additional technical security measures to prevent future cyber incidents and provided affected individuals with complimentary credit monitoring services. The breach was reported to the HHS Office for Civil Rights, reflecting the confirmed impact on 48,126 patients. AccelHealth’s remediation efforts focused on securing network vulnerabilities exploited during the intrusion period from December 9 to December 15.