Cyber Incident Victim: Clinic of North Texas
Date:
Nov 2021
Location:
United States of America
Summary
A cyberattack targeted the Clinic of North Texas, compromising a system folder containing patient names, addresses, dates of birth, and limited health information. The organization engaged a forensics firm, confirmed unauthorized access, and responded by changing administrator passwords, implementing two-factor authentication, and deploying enhanced endpoint detection tools. Approximately 244,174 individuals had protected health information potentially exposed, with complimentary credit monitoring offered to those affected.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On or around November 9, 2021, Clinic of North Texas in Wichita Falls experienced a cyberattack in which unauthorized actors gained access to its systems. The attackers compromised a folder containing patient data stored on the clinic’s infrastructure. Following the breach discovery, the clinic engaged a third-party computer forensics firm to investigate the incident’s nature, scope, and potential data exfiltration. The forensic analysis confirmed unauthorized access to files containing patient names, addresses, dates of birth, and limited health information. No explicit evidence confirmed whether the attackers successfully exfiltrated this data, though the compromise of the folder’s contents was verified. The clinic did not disclose the initial detection method but emphasized immediate containment efforts post-discovery. The U.S. Department of Health and Human Services’ Office for Civil Rights later listed the incident on its breach portal, indicating 244,174 individuals had their protected health information potentially exposed. This figure represented the total affected population under HIPAA reporting requirements.
In response to the breach, Clinic of North Texas implemented multiple technical and administrative measures to secure its systems and mitigate further risks. These actions included changing all administrator passwords, deploying two-factor authentication across relevant systems, and installing endpoint detection, response, and threat hunting tools to enhance network monitoring. The clinic notified affected individuals and offered complimentary credit monitoring memberships to assist with potential identity theft or fraud concerns. No ransomware payment or extortion demand was disclosed in relation to this specific incident, distinguishing it from the contemporaneous Horizon Actuarial Services breach detailed in the same article. The clinic’s public statement focused on procedural improvements without elaborating on prior security deficiencies. The forensic investigation’s conclusion marked the endpoint of confirmed breach-related activities, with no subsequent updates indicating ongoing threat actor access or data misuse.