Texas medical school notifies 1.5 million people of two data breaches that compromised SSNs, medical records, and financial info

Texas Tech University Health Sciences Center over the weekend confirmed it notified almost 1.5 million people about two data breaches that occurred in September.

The medical school notified 650,000 people following a breach at the main TTUHSC campus in Lubbock, Texas, and 815,000 people for another breach at the school’s El Paso branch.

The following patient info was compromised:

• Names
• Social Security numbers
• Financial account info
• Health insurance info
• Medical record numbers
• Billing and claims data
• Diagnoses and treatment info
• Dates of birth
• Addresses
• Government-issued ID numbers (driver’s licenses, passports)

Ransomware group Interlock claimed responsibility for the breaches in October, saying it stole 3.2 TB of data. The group posted images of what it says are stolen documents on its leak site.

Texas Tech has not verified Interlock’s claim. We do not yet know whether TTU paid a ransom, how much Interlock demanded, or how attackers breached TTU’s network. TTUHSC declined to answer Comparitech’s questions, saying, “At this time, the HSCs will not be making further comments until the investigation is complete.”

TTUHSC cancelled classes across multiple campuses in Amarillo, the Permian Basin, Abilene, Dallas, and El Paso in the wake of the attack. Texas Tech Physicians, a part of the Health Sciences Center, lost phone lines and online communications through its patient portal. Classes resumed on October 16 but email systems remained down and disruptions continued for more than a month.

The medical school’s notice to victims states, “The investigation confirmed that a cybersecurity event caused the technology issues, resulting in access to or removal of certain files and folders from the HSCs’ network between September 17 and September 29, 2024.”

TTUHSC is offering eligible victims free credit monitoring services.

Who is Interlock?

Interlock is a new ransomware gang that first started adding targets to its leak site in October 2024. Since then, Comparitech researchers have logged four confirmed ransomware attacks claimed by the group, and another three that haven’t been acknowledged by targets.

Interlock’s other confirmed targets include Winnebago Public Schools; the Wayne County, Michigan local government; and Smeg Group, a manufacturer in Italy.

Ransomware attacks on US healthcare and education

Ransomware attacks on healthcare organizations can disrupt day-to-day operations and force hospitals, clinics, and other healthcare providers to divert patients and cancel appointments. Ransomware can cripple systems used for prescriptions, billing, payroll, and appointment booking. Many ransomware groups also steal data that can be used to later extort hospitals for even more money.

Comparitech tracked 137 confirmed ransomware attacks on US hospitals, clinics, pharmaceutical companies, and medical device manufacturers in 2024.

Ransomware attacks on schools, universities, and other educational institutions can force administrators to cancel classes until systems are restored. Ransomware can cripple systems used for grades, assignments, attendance, communication, payroll, and more. Many ransomware groups also steal data that can be used to later extort schools for even more money.

Comparitech researchers logged 65 confirmed ransomware attacks on schools and universities so far in 2024. This attack on TTUHSC is the largest on a school this year by number of records compromised, and the sixth-largest on a medical institution.

About TTUHSC

TTUHSC is both a university and hospital system that conducts biomedical and clinical research. It claims to graduate the most healthcare professionals in Texas–28,000, according to its website. It has campuses in Amarillo, Lubbock, El Paso, Abilene, Midland, Odessa, and Dallas.