Greater Dallas Healthcare Enterprises reports Data Breach exposing patient data

Greater Dallas Healthcare Enterprises (“GDHE”) reported a data breach incident in which an unauthorized third party had gained access to an employee’s email account, potentially exposing consumers’ sensitive data.

On August 11, 2023, GDHE they discovered unauthorized access to a medical assistant’s Microsoft 365 email account. They contained the incident and initiated an investigation to ascertain the extent of compromised patient data. The compromised Office365 account is distinct from Greater Dallas Healthcare’s internal network and systems, which were not affected by this incident.

The investigation confirmed that the unauthorized third party accessed the medical assistant’s email account between July 28, 2023, and August 15, 2023, providing them access to certain files, including personal information. Evidence suggested that the hackers removed some of this data.

The breached data varied from person to person and may include

• names,
• dates of birth,
• addresses,
• medical and treatment information,
• billing information,
• claims information.

No details are disclosed about the number of affected individuals nor the nature of the attack.

On October 2, 2023, GDHE began dispatching data breach letters to individuals impacted by this recent data security incident, providing them with a comprehensive list of the compromised information pertinent to them.