Home Care Providers of Texas (DPP II, LLC), has disclosed a ransomware incident to the Texas Attorney General’s Office.
According to their notification, unnamed threat actors accessed patient information between June 25 and June 29. The breach was detected on June 29 when files were encrypted.
In addition to encrypting some files, the threat actors also exfiltrated some files. The patient information involved included names, addresses, dates of birth, social security numbers, certain treatment or diagnosis information, and certain medication information.
HCPT’s substitute notice can be found on its website, clearly linked from its home page.
DataBreaches has not seen any mention of this entity on any dark web leak site even though it is now more than six months since data were exfiltrated. HCPT’s notice does not indicate whether they had responded to any ransom demand.
Although the total number of patients affected was not included in their notice, their report to the Texas Attorney General indicated that 124,363 Texas residents were affected. The incident does not appear on HHS’s public breach tool at time of publication.