When was the TCIDA data breach discovered?

The breach was first detected on July 19, 2024. The BianLian ransomware group later claimed responsibility for the attack on August 14, 2024.

Which ransomware group was responsible for the TCIDA attack?

The BianLian ransomware group claimed responsibility for the attack on August 14, 2024, approximately one month after the initial breach discovery.

What patient information was compromised in the TCIDA breach?

The compromised data includes names, Social Security numbers, dates of birth, driver's license numbers, medical record numbers, Medicare/Medicaid numbers, health insurance numbers, and medical or treatment information.

How many patients were affected by the TCIDA data breach?

The number of affected individuals has not been disclosed by TCIDA. The identity of the breached third-party billing vendor has also not been revealed.

Why was there such a long delay in notifying patients?

The delay of nearly a year between the breach discovery in July 2024 and patient notification in June 2025 has not been explained by TCIDA. This extended timeline raises questions about the investigation and notification process.

How did the breach occur at TCIDA?

The breach was caused by a cybersecurity incident at TCIDA's former third-party billing vendor, not directly at TCIDA's own systems. This highlights the risks associated with third-party vendors who have access to sensitive patient data.

What response actions did TCIDA take after the breach?

TCIDA engaged cybersecurity experts to conduct an investigation into the incident and implemented enhanced security measures to minimize the risk of similar incidents occurring in the future.

What type of medical practice is TCIDA?

Texas Centers for Infectious Disease Associates (TCIDA) is a Fort Worth-based medical practice that specializes in infectious disease diagnosis and treatment.

What should affected TCIDA patients do to protect themselves?

Affected patients should monitor their financial accounts and medical statements for suspicious activity, consider placing fraud alerts or credit freezes with credit bureaus, be cautious of medical identity theft, review Medicare/Medicaid statements for unauthorized services, and report any suspicious activity to authorities and their insurance providers.

Is this breach related to TCIDA's own IT systems?

No, the breach occurred at TCIDA's former third-party billing vendor, not at TCIDA's own IT systems. This type of supply chain attack demonstrates how healthcare providers can be affected by security incidents at their business partners and vendors.

Incident

Texas Centers for Infectious Disease Associates reports third party data breach

published: June 28, 2025

Learn More

Texas Centers for Infectious Disease Associates (TCIDA), a Fort Worth-based medical practice specializing in infectious disease diagnosis and treatment is reporting a data breach caused by a cybersecurity incident at their former third-party billing vendor.

The breach was first detected on July 19, 2024, and was later attributed to the BianLian ransomware group. The gang claimed responsibility for the attack on August 14, 2024. The medical practice engaged cybersecurity experts to conduct an investigation and implemented enhanced security measures to minimize the risk of similar incidents occurring in the future.

The compromised data includes:

Names
Social Security numbers
Dates of birth
Driver's license numbers
Medical record numbers
Medicare/Medicaid numbers
Health insurance numbers
Medical or treatment information

The number of affected individuals and the breached third party have not been disclosed.

Nearly a year after the initial discovery, TCIDA issued a public press release on June 27, 2025, and began mailing notification letters to affected patients for whom they have current addresses. The delay in notification is not explained.

Update - as of 9th of July 2025, TCIDA reports that a total of 19,217 individuals were affected.

Texas Centers for Infectious Disease Associates reports third party data breach

Read More
American Addiction Centers reports data breach
QualDerm Partners Data Breach Impacts 3.1 Million Patients
CLEAResult reports MOVEit related data breach
Marlboro-Chesterfield Pathology hit by SafePay ransomware, compromises 235K …
Ransomware attack on Great Plains Regional Medical Center