Texas University Health Sciences Center (TTUHSC) and Texas Tech University Health Sciences Center El Paso have disclosed a data breach that may affect the personal information of individuals connected to their systems. This incident occurred between September 17 and September 29, 2024, and caused temporary disruptions to some computer systems and applications while exposing 2.1 million files totalling 2.6 TB stored on the centres’ networks.
The breach was first identified in September 2024 when the Health Sciences Centers (HSCs) detected unusual activity that compromised some digital infrastructure. A subsequent investigation revealed that unauthorised access had been gaining, resulting in the removal or exposure of certain files and folders.
The notorious Interlock ransomware gang took responsibility for the hack. The hacked materials are available for download on a dark web forum, reports BleepingComputer.
These files contained personal data, including names, dates of birth, physical addresses, Social Security numbers, driver’s license or government-issued identification numbers, financial account details, health insurance information, and sensitive medical records such as diagnosis and treatment officials.

Upon discovery, the HSCs immediately initiated steps to secure their network and launched a review to identify the affected systems and individuals. They are now in the process of notifying those whose information may have been compromised.
“Out of an abundance of caution and as part of the direct notification, the HSCs are providing potentially affected individuals with access to complimentary credit monitoring services. Individuals seeking additional information about this event can contact the toll-free dedicated assistance line at 1-866-902-1996 available Monday through Friday from 8 a.m. to 8 p.m. Central Time, excluding major U.S. holidays,” the university said.
The HSCs offer complimentary credit monitoring services to potentially impacted individuals to mitigate the incident’s potential fallout. Additionally, they have taken measures to bolster their cybersecurity defences by revisiting existing security policies, enhancing monitoring systems, and implementing new safeguards.
For affected individuals, the university has recommended reviewing bank statements, credit reports, and health insurance billing for any suspicious activity. Furthermore, individuals should utilise free credit reports, place a one-year fraud alert on their credit file, or opt for a credit freeze.
In the News: Phishing campaign targets Kaiser Permanente employees using Google Ads