Some 1.4 million records relating to students, staff and patients at the Texas Tech University’s Health Science Center and El Paso Health Sciences Center have been stolen in an apparent ransomware attack.

Officially, the attack is described as a “cybersecurity event” by the university and took place in September. According to a statement from Texas Tech University, they “identified issues that resulted in a temporary disruption to some computer systems and applications” and then subsequently took steps to ensure the security of the network, including launching an investigation.

The investigation subsequently found that between Sept. 17 and 25, the “cybersecurity event” that caused the “technology issues” resulted in access or removal of certain files and folders from the Health Science Center’s network.

The stolen data included names, dates of birth, addresses, Social Security numbers, driver’s license numbers, government-issued identification numbers, financial account information, health insurance information and medical information, including medical records numbers, billing or claims data, and diagnosis and treatment information.

The university is in the process of notifying individuals whose information may be involved in the “incident.” Those affected are being offered complimentary credit monitoring services.

Unfortunately, in 2024, hacks and ransomware attacks happen, even to organizations with the best intentions of trying to prevent them. What makes a difference when such attacks occur is for the victim to be upfront, honest and quick to disclose — none of which Texas Tech University has been.

The data theft occurred in September and yet the university is only now disclosing it. Worse still, it’s not being remotely honest about what occurred. The Interlock ransomware group has already publicly taken credit. Honesty doesn’t cost anything and it goes a long way in maintaining some level of trust with users — in this case, the 1.4 million students, staff and patients affected by the theft of their personally identifiable information.

“The attack was claimed by Interlock Ransomware, a group believed to be linked to Rhysida ransomware, which emerged in September 2024,” Andrew Costis, engineering manager of the Adversary Research Team at breach and attack simulation firm AttackIQ Inc., told SiliconANGLE via email. “The vast amount of sensitive patient data stored within healthcare organizations makes them a dangerous target for ransomware groups, with the potential for far-reaching consequences. These attacks can cripple organizational operations and, more importantly, compromise patient health and safety.”

To mitigate future risks and strengthen defenses, he added, “healthcare organizations must treat these incidents as a learning opportunity. By utilizing the tactics, techniques and procedures employed by threat groups, organizations can proactively test their systems against these attacks and identify any vulnerabilities before attackers exploit them.”

Image: SiliconANGLE/Ideogram