Texas Tech Cyberattack
Last Updated: March 10th, 2025 | Categories: Breach, Cybersecurity, Data Exfiltration, Ransomware

1.4 Million Records Exposed – Texas Tech Health Breach Reveals Sensitive Data, and Interlock Ransomware Group Claims Responsibility.

In September 2024, Texas Tech University Health Sciences Center (TTUHSC) and its El Paso counterpart experienced a serious security breach that compromised the personal and medical information of around 1.4 million people. This data privacy breach is one of the largest in recent history, and it highlights weaknesses in cybersecurity practices across educational institutions.

What Happened During the Texas Tech Security Breach?

The Texas Tech data breach was identified in September 2024 when TTUHSC detected unauthorized access to its network, leading to disruptions in computer systems and applications. The investigation revealed that the attackers had access to the network between September 17 and September 29, 2024, during which they exfiltrated sensitive data, including medical records.

Timeline of Events


September 17-29, 2024 – Unauthorized access to TTUHSC’s network occurred during this period.

Late September 2024 – TTUHSC discovered the Texas Tech security breach following disruptions in their computer systems and initiated an investigation.

October 27, 2024 – The Interlock ransomware group claimed responsibility for the attack and began leaking the stolen data online, including medical records compromised in the breach.

The breach affected multiple systems within TTUHSC, leading to temporary disruptions in computer systems and applications.

Who Was Affected by the Data Breach?

The Texas Tech security breach impacted approximately 1.4 million individuals associated with TTUHSC. This included patients from both the Lubbock and El Paso campuses. Specifically, 650,000 individuals from the Lubbock campus and 815,000 from the El Paso campus were affected. The compromised data included a wide range of personal and medical information, such as:

  • Full names
  • Dates of birth
  • Physical addresses
  • Social security numbers
  • Driver’s license numbers
  • Government-issued identification numbers
  • Financial account information
  • Health insurance details
  • Medical records, including billing/claims data and diagnosis and treatment information

What Caused the Texas Tech Security Breach?

The root cause of the Texas Tech data breach is still being investigated, but based on the available information, it likely comes down to one of two possible scenarios:

  1. The attackers exploited vulnerabilities within TTUHSC’s network infrastructure. This could include outdated software, unpatched systems, or misconfigured security settings that provided an entry point for unauthorized access.
  2. It’s also possible that third-party vendors or partners with access to TTUHSC’s systems were compromised, providing a backdoor for attackers. Supply chain attacks have become quite common, where threat actors target less secure partners to gain access to primary targets.

The Impact of the Breach on Individuals and Institutions

The Texas Tech security breach exposed 1.4 million individuals to immediate risks of identity theft, financial fraud, and medical identity theft due to the theft of social security numbers, financial account details, and medical records compromised in the attack.

Operational disruptions paralyzed systems, including patient portals and communication platforms, delaying medical services and academic operations across TTUHSC campuses.

Long-term repercussions include reputational damage to Texas Tech University’s healthcare and education systems, potentially eroding public trust. Legal ramifications are already happening, with multiple class-action lawsuits under investigation for alleged negligence in protecting sensitive data.

Regulatory penalties from the U.S. Department of Health and Human Services are anticipated, given the scale of exposed protected health information.

Lessons Learned from the Texas Tech Security Breach

Upon detecting the breach, TTUHSC immediately activated its cybersecurity response plan. This included isolating affected systems, engaging third-party cybersecurity firms, and initiating forensic analysis. The university filed mandatory breach reports with federal regulators and began mailing notifications to all 1.4 million impacted individuals by December.

As part of its response, TTUHSC provided affected parties with access to a dedicated call center for breach-related inquiries, credit monitoring, and guidance on protecting their personal information.

Post-incident, TTUHSC strengthened its cybersecurity posture by implementing threat detection systems, revising vendor access protocols, and conducting enterprise-wide security audits. The institution also partnered with legal firms to manage potential litigation and updated its incident response plan to address ransomware-specific scenarios.

While the exact entry point is still being investigated, attackers had a 12-day window (September 17–29, 2024) to move undetected, pointing to failures in real-time monitoring. On top of the data exposure, extended system outages impacting patient portals and billing show how weak incident response planning can turn a breach into a full-blown operational crisis. This incident shows the clear importance of cybersecurity best practices, like:

  • Network segmentation to restrict lateral movement
  • Real-time monitoring to detect unauthorized access
  • Strict access controls (MFA + least-privilege principles)
  • Mandatory encryption of stored social security numbers and medical records
  • Regular third-party vendor security audits

Final Thoughts on the Texas Tech Security Breach

The Texas Tech security breach could have been mitigated through stronger adherence to cybersecurity best practices. Network segmentation, real-time monitoring, and strict access controls are necessary to prevent data breaches at educational institutions.

Additionally, mandatory encryption of sensitive data and regular ransomware-specific incident response drills would have reduced exploit opportunities and accelerated containment.

For individuals affected by this data privacy breach, following identity theft protection tips, such as monitoring credit reports, enabling fraud alerts, and using identity theft protection services, can help mitigate the risks.

BlackFog Protection

Cyberthreats are becoming more and more sophisticated, ranging from advanced malware to insider attacks. BlackFog offers comprehensive protection against these evolving threats.

Our Enterprise ADX solution leverages AI-based algorithms to identify unusual behavior and prevent data exfiltration, stopping ransomware and insider threats across all endpoints 24/7 without the need for human intervention.

Discover how BlackFog protects enterprises against ransomware threats.
