Another day, another data breach at a healthcare facility. This time, the Texas Tech University Health Sciences Center (as well as its El Paso division) announced that it suffered a cyber attack in September.

According to a data breach notification released by the Texas Tech University Health Sciences Center, the September attack disrupted computer systems and applications and compromised full names, birth dates, addresses, Social Security numbers, driver's licenses, government identification card numbers, financial account information, health insurance information, medical information, billing or claims data, and “potentially” exposed data on 1.4 million patients, including diagnostic and treatment information.

A month after the hackers gained access to the system, the Interlock ransomware gang claimed responsibility for the attack. The threat actors also leaked a total of 2.6 TB of data allegedly stolen from HSC to their blackmail portal on the Dark Web, making it available for download.

Interlock is a relatively recent outbreak of ransomware characterized by its use of encryption tools targeting FreeBSD servers along with Windows variants; according to Bleeping Computer, Interlock typically costs organizations several hundred ransoms ranging from tens of thousands to millions of dollars, depending on the size of the organization. Patients who are confirmed to have been affected are contacted by the university's Health Sciences Center, which offers free credit monitoring services. Those whose data was compromised as a result of this cyberattack may also contact the toll-free dedicated assistance line at 1-866-902-1996.

The HSCs encourage patients to “remain vigilant for potential phishing and social engineering attacks, monitor credit reports and medical insurance claim statements, and report any suspicious activity to authorities.”

The best way to be safe against phishing is to avoid clicking on emails or messages from unknown senders. Also, check your company's policies and double-check the sender's email address: is that a known sender? Make sure all devices, including mobile devices, are protected from malware and threats. We have recommendations for the best Android antivirus apps, but due to Apple restrictions, there is no best iPhone equivalent. To protect yourself from the most common social engineering attacks, it is always best to be wary of approaches that offer opportunities and links through social media and contacts. Always be alert for unexpected links and attachments, and never open anything from someone you don't know or don't expect. If you receive a link or attachment, contact the sender and ask if they sent it and why. And of course, make sure you are using the best antivirus software available, that it is kept up to date, and that you are using the best VPN that includes browser-level privacy protection.

This month has seen one breach after another.