Texas Tech University Health Sciences Center is notifying patients of a potential breach of information held by Eye Care Leaders Inc. (ECL).
ECL is a third-party service provider of an Electronic Medical Records (EMR) system utilized by TTUHSC. The service provider reports that the security incident affecting ECL’s databases and files took place on Dec. 4, 2021. ECL reported that it detected the incident in less than 24 hours, disabled the compromised system, and initiated an investigation.
On April 19, ECL provided TTUHSC final results of a forensics investigation into the security incident, which confirmed that some of the compromised databases and files contained patient records. Although no evidence could be found that such records were exfiltrated or used by unauthorized individuals, the possibility could not be definitively ruled out due to insufficient log files, a news release said.
ECL’s compromised databases and files may have contained the following information: name, address, phone numbers, driver’s license number, email, gender, date of birth, medical record number, health insurance information, appointment information, social security number, as well as medical information related to ophthalmology services received at TTUHSC.
Meanwhile, the forensics investigation revealed that databases and files compromised as part of the incident did not include credit card or financial information, the release said.
TTUHSC has provided access to a toll-free number at 855-891-1998 available Monday through Friday 8 a.m. to 10 p.m. and Saturday through Sunday from 10 a.m. to 7 p.m. (CDT) for patients who may have questions.
TTUHSC has not received any further indication that any patient information has been accessed or used without authorization. However, patients may call any of the three major credit bureaus to request credit information or request a credit file fraud alert, the release said.
Patients who receive a notification letter may also utilize a complimentary 12-month membership to Experian’s IdentityWorksSM, which provides identity theft detection and resolution of identity theft. More information about how to enroll and details of the complimentary service is included in patient notification letters.
TTUHSC will continue to monitor this incident by engaging information technology experts and legal counsel. This incident has also been reported to the U.S. Department of Health and Human Services and state regulators, as applicable.