Harris Health System patient and staff exposed in MOVEit related data breach

Harris Health System, based in Harris County, Texas, has reported that it was targeted in the MOVEit vulnerability, potentially exposing patient and employee information.

The breach was first discovered on June 2.

Harris Health has taken immediate action to address the vulnerability and secure the affected data, ensuring that operations and patient care have not been affected.

Update - while the breached information varies depending on the individual, it may include

• name;
• address;
• date of birth;
• Social Security number;
• medical record number;
• immigration status;
• driver’s license number;
• other government-issued identification number;
• health insurance information
• protected health information.

The healthcare system is currently assessing the full extent of the incident and plans to notify all individuals impacted by the breach in the coming weeks. Harris Health will also comply with legal requirements by directly notifying those whose information was involved.

The exact number of affected patients is not yet known but Harris Health's extensive volume of work for the fiscal year 2022 indicate a potentially significant scope of impact.