Lubbock Heart & Surgical Hospital Reports Data Breach Affecting 23,379 Patients

Console and Associates, P.C.

On September 9, 2022, Lubbock Heart & Surgical Hospital filed official notice of a data breach with the U.S. Department of Health and Human Services Office for Civil Rights following a data security incident that disrupted the hospital’s computer network. According to Lubbock Heart Hospital, the breach resulted in the following patient data being compromised: names, contact information, demographic information, dates of birth, Social Security numbers, diagnosis and treatment information, prescription information, Medical Record Numbers, provider names, dates of service, and health insurance information. Recently, Lubbock Heart Hospital sent out data breach letters to 23,379 patients, informing them of the incident and what they can do to protect themselves from identity theft and other frauds.

What We Know About the Lubbock Heart & Surgical Hospital Data Breach

Information on the Lubbock Heart Hospital breach comes from the hospital’s official filing with the U.S. Department of Health and Human Services Office for Civil Rights, as well as a notice posted on the hospital’s website. According to these sources, on July 12, 2022, hospital administration learned of a data security incident that had impacted the functionality of its IT network. In response, the hospital secured its systems, notified law enforcement, and then began working with outside cybersecurity specialists to investigate the incident.

The hospital’s investigation confirmed that an unauthorized party had gained access to its IT system on July 11, 2022, and that the unauthorized access was terminated on July 12, 2022. However, the investigation also revealed that sensitive patient data may have been accessed and copied from the hospital’s network.

Upon discovering that sensitive patient data was accessible to an unauthorized party, Lubbock Heart & Surgical Hospital then reviewed the affected files to determine what information was compromised and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, contact information, demographic information, date of birth, Social Security number, diagnosis and treatment information, prescription information, medical record number, provider names, dates of service, and health insurance information.

On September 9, 2022, Lubbock Heart & Surgical Hospital sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident. According to the U.S. Department of Health and Human Services Office for Civil Rights, the Lubbock Heart & Surgical Hospital data breach leaked the information of 23,379 patients.

More Information About Lubbock Heart & Surgical Hospital

Founded in 2003, Lubbock Heart & Surgical Hospital is a physician-owned hospital system based in Lubbock, Texas. Lubbock Heart & Surgical Hospital provides patients with a wide range of services, including physical therapy, cardiology, cardiothoracic surgery, urology, gastroenterology, pulmonology, endocrinology, radiology, emergency services, laboratory service, pharmacy, critical care medicine, general surgery, bariatric surgery, plastic surgery, and vascular surgery. Lubbock Heart & Surgical Hospital employs more than 352 people and generates approximately $37 million in annual revenue.

Healthcare Data Breaches Pose Additional Risks Victims Should Be Aware Of

The Lubbock Heart & Surgical Hospital data breach is just the most recent example of a healthcare data breach. In fact, healthcare providers have been one of the most frequently targeted organizations in 2022. As cybercriminals and other bad actors continue to focus their efforts on obtaining patients’ protected health information, it is important for data breach victims to understand both what is at risk and what their options are in the wake of a healthcare cyberattack.

The primary reason why healthcare data breaches are so dangerous is that they typically compromise patients’ protected health information. Protected health information, called PHI for short, is demographic information, test and laboratory results, mental health information, medical history information, insurance information and other data that healthcare professionals collect when treating a patient. The collection and use of protected health information are controlled by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).

However, not all healthcare-related data is considered “protected health information.” For health information to be considered “protected,” it has to contain an identifier. HIPAA provides for 18 different identifiers, the most common of which are:

  • Names;

  • Addresses (more specific than a state);

  • Social Security numbers;

  • Dates (more specific than just a year), such as a patient’s birthdate or admission date;

  • Email addresses;

  • Phone numbers;

  • Medical record numbers;

  • Health plan beneficiary numbers;

  • Account numbers;

  • Vehicle identifiers;

  • Internet protocol (IP) addresses;

  • Biometric IDs, such as fingerprints or voice prints;

  • Full-face photographs and other photos of identifying characteristics; and

  • Any other unique identifying characteristic.

Healthcare data breaches are very concerning based on the fact that this information is incredibly personal. However, aside from the privacy risks, there is also a very real danger of physical and financial harm. Hackers who obtain protected health information may sell the information to another person, who can then use the stolen patient data to obtain healthcare services under the patient’s name. This not only leaves the victim responsible for the bill but can also lead to misleading and incorrect information being added to their medical records.

Those who believe their protected health information was compromised in a data breach should reach out to an experienced data breach lawyer to discuss their options.

If you or a loved one recently obtained treatment at Lubbock Heart Hospital, you may be among those whose information was compromised. Unfortunately, this also means the hackers responsible for the attack may be in possession of your personal information, including your Social Security number. To learn more about what you can do to reduce the risk of identity theft and what your legal options are in the wake of the Lubbock Heart Hospital breach, you can review our recent post on the topic here.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Console and Associates, P.C. | Attorney Advertising

Written by:

Console and Associates, P.C.

Console and Associates, P.C. on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide