535,489 Patients’ Data Compromised in Texas ENT Breach

A hacker extracted the protected health information (PHI) of 535,489 patients from Texas ENT Specialists in August 2021. Although the Texas ENT breach occurred in August, it was not listed on the Office for Civil Rights portal until December 2021.

Aftermath of Texas ENT Breach

In the wake of the hack, Texas ENT Specialists leadership reported the addition of safeguards and technical measures to strengthen their existing privacy and security program. In a statement regarding the breach, Texas ENT said, “We take patient privacy very seriously and we regret any inconvenience this incident may cause our patients and their families. To help prevent something like this from happening again, we are further strengthening our existing privacy and information security program by implementing additional safeguards and technical security measures to protect and monitor our systems.”

Under the HIPAA Breach Notification Rule, a breach of this magnitude requires all affected patients to be notified within 60 days of the discovery of the breach. According to Texas ENT, breach notification letters were mailed to affected individuals on December 10, 2021. 

Although all breaches of unsecured PHI are reportable under HIPAA, not all breaches are the result of violations, but those that are can result in substantial fines for the organizations at fault. It is yet to be determined whether the breach was the result of a HIPAA violation. 

The risk of breaches grows with every passing day. Becoming and remaining HIPAA compliant is the cornerstone of shielding or limiting the negative consequences of a breach on your enterprise. 

Our team of HIPAA experts is available to help you evaluate your current state of HIPAA compliance and give you peace of mind about where you stand.