Jan. 25, patients attempting to receive services reported that “Baptist Hospital computers have been hacked and are down,” also relaying that, while delayed, care was received.
“We have been able to continue to provide patient care with no issues,” Christine Stark, a Registered Nurse at Baptist Hospital, reassured the masses online. “No need to even stress about the charting side. We have it under control and are just doing things the way we did a long time ago!”
Baptist Hospitals of Southeast Texas confirmed a breach in its technical systems via a statement issued Jan. 27 by Stephanie Harris, Vice President of Marketing:
“Baptist recently detected an issue that impacted the operability of its network environment. We are currently investigating to determine the nature and extent of the issue and working to restore impacted systems as quickly as possible.
“Temporary interruptions are expected during this investigation and restoration period, but we continue to serve the community.
“Baptist wants to assure you that the privacy and security of information in our care is one of our top priorities. Should we determine this incident impacted the security of information on our systems, we will move quickly to notify any impacted parties consistent with applicable law.
We are thankful for our internal and external partners who have been so diligent in keeping patient care as the highest priority.”
In a subsequent interview, Harris said the hospital and emergency room remained open.
“Overall, patients should not experience extended waiting periods to see providers,” said Harris.
As of press time, registration and billing systems were online but several procedures were suspended and rescheduled. Harris said that, while testing results are being processed manually at this time, the continual focus remained on providing patient care.
In unrelated but similar local news, less than two months ago, Acadian Ambulance began notifying customers in November 2024 of what they referred to as “a data privacy event” identified June 21, 2024, according to a statement issued by the company.
Aug. 20, 2024, Acadian Ambulance reported to the U.S. Department of Health and Human Services Office for Civil Rights, the “hacking/IT incident” involved protected health information of 2,896,985 persons.
The investigation determined there was unauthorized access to Acadian’s network between June 19, 2024, and June 21, 2024, and that certain files and folders were or may have been taken without authorization during that time.
According to Acadian, the information affected may have included names, addresses, social security numbers, dates of birth, medical information collected during the intake process, and more.
“The types of information impacted were not the same for each person,” Acadian advised in a letter sent to patients.
According to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights, breaches of protected health information affecting 500 or more individuals must be made public. The following regionally relevant breaches have been reported and are listed as cases currently under investigation:
Jan. 16, 2025, Texas Health and Human Services Commission reported unauthorized access/disclosure affecting 61,104 individuals.
Dec. 20, 2024, In-Home Attendant Services Ltd. of Texas reported a hacking/IT incident within its network server affecting 22,000 individuals. In-Home Attendant Services, is a Houston-based company coordinating Medicaid-funded attendant care services. Within Jefferson County, the company provides services to patients within the STAR, Star PLUS, STAR Kids, and CHIP programs.
According to HHS reports, and taking into account only incidents reported within the last 24 months, 782 hacking/IT incidents reportedly affecting protected health information of more than 500 individuals are currently under investigation nationwide, and 66 in Texas alone.