Texas Tech University is notifying over 1.4 million individuals that their personal information was stolen in a ransomware attack targeting its Health Sciences Center and Health Sciences Center El Paso.
The incident was discovered in September, after some of its computer systems and applications were temporarily disrupted as result of a cyberattack.
After securing its systems, the university discovered that the attackers had access to its network from September 17 to September 29, 2024, and that they exfiltrated certain files and folders during that time.
After reviewing the stolen data, the university determined that personal information such as names, addresses, dates of birth, driver’s license numbers, government ID numbers, and Social Security numbers were compromised.
Additionally, the attackers stole health insurance and medical information, including diagnosis and treatment details, and financial account information, Texas Tech University says in an incident notice.
The university is sending written notifications to the affected individuals and is providing them with free credit monitoring services.
Texas Tech University filed two data breach reports with the US Department of Health and Human Services, one for the Health Sciences Center El Paso and another for the Health Sciences Center, revealing that they affected 815,000 and 650,000 individuals, respectively.
The university’s incident notice does not specifically say ransomware was used in the attack, but it does mention “temporary disruptions”, and the Interlock ransomware group has claimed responsibility for the incident.
In late October, the gang added Texas Tech University Health Sciences Center to its leak site, claiming the theft of roughly 2.5 terabytes of data, including patient information, medical research, and multiple SQL databases.
Interlock was initially detailed in September, targeting organizations in the healthcare, government, manufacturing, and technology sectors in the US and Europe, engaging in double-extortion tactics and lingering in victims’ networks for weeks before deploying file-encrypting ransomware.
However, Interlock is not the only ransomware group to claim an attack on Texas Tech University. In July, the Meow ransomware group was offering for sale five SQL databases allegedly containing emails, passwords, and other sensitive information from the university, along with a security vulnerability affecting the institution’s website.
Related: SRP Federal Credit Union Ransomware Attack Impacts 240,000
Related: No Doughnuts Today? Cyberattack Puts Krispy Kreme in a Sticky Situation
Related: New 5ss5c Ransomware Likely Readied to Replace Satan
Related: CISO Forum Virtual Summit: Full Session List On Demand
