Cyber Incident Victim: Physicians Business Office

Date: Apr 2022

Location: United States of America

Summary

A Texas-based primary care clinic network experienced a cybersecurity incident involving unauthorized network activity, which was detected and halted on the same day. The organization engaged independent forensic specialists to investigate the breach, which potentially exposed sensitive personal and protected health information of over 233,000 individuals. While investigators found no evidence confirming specific data access, they could not eliminate the possibility of compromise. Impacted information included names, mailing addresses, Social Security numbers, dates of birth, and medical details.

Description

On July 26, 2022, Family Health Centers (FMC), a Texas-based operator of four primary care clinics in Amarillo and Canyon, detected suspicious activity within its network systems. The organization identified and halted the incident on the same day it was discovered. FMC promptly engaged independent IT security and forensic specialists to conduct an investigation into the nature and scope of the unauthorized network access. The investigation aimed to determine whether sensitive data had been accessed or exfiltrated during the breach event. FMC maintained operational continuity across its clinical network while addressing the security incident.

Forensic investigators could not confirm evidence of specific data access or theft but were unable to eliminate the possibility that attackers viewed or acquired patient information. The compromised systems contained personally identifiable information and protected health information belonging to 233,948 individuals. Exposed data elements included full names, mailing addresses, Social Security numbers, dates of birth, and clinical health records. FMC reported the breach to the U.S. Department of Health and Human Services as required under HIPAA regulations. The organization published a public breach notification on its official website to inform affected individuals about the potential exposure of their sensitive data. No ransomware deployment or explicit ransom demands were referenced in the disclosed incident details.
