Skip to main content
Over a doctor’s shoulder we see a spreadsheet of medical data on a vulnerable hospital computer.

The Harris Center Data Breach Investigation

Our data breach lawyers are investigating a recent data security incident at the Harris Center for Mental Health. Contact our legal team to learn more about the “network disruption” announced by the Texas health system, and to discuss potential legal action. 

The Lyon Firm is experienced in filing class action data breach lawsuits on behalf of plaintiffs nationwide. Anyone who has had their data stolen can file a claim and hold the responsible parties accountable for their IT security negligence. Contact our lawyers to file a Harris Center data breach claim. 

What Happened at the Harris Center?

According to a statement posted on their website, on November 7, 2023, The Harris Center for Mental Health and IDD experienced a network disruption, ostensibly due to some kind of cyberattack. We do not have many details regarding the incident, only that an investigation is underway and that Harris has begun warning about the possible theft of sensitive data.

An initial investigation has allegedly determined that some personal information stored on their network was accessed by an unauthorized individual between November 6, 2023, and November 7, 2023. The type of information compromised may include one or more of the following: name, address, phone number, email address, date of birth, Social Security Number, U.S. Alien Registration Number, driver’s license/state ID number, financial account information, treatment/diagnosis information, prescription information, provider name, medical record/case number, Medicare/Medicaid ID number, health insurance information, and treatment cost.

A History of Harris Data Breach Incidents

After learning about the MOVEit transfer data theft incident in August 2023, the Harris Center for Mental Health started sending out data breach notification letters to all impacted individuals. According to reports, almost 600,000 individuals linked to Harris may have had their personal information compromised in the attack. In total, tens of millions of individuals now have their data at risk over the MOVEit debacle.

MOVEit is a popular file transfer service used by government agencies, corporations, health care entities, and thousands of other organizations around the world. An unauthorized third party exploited a previously unknown vulnerability in MOVEit that allowed them to gain access to files on the MOVEit systems.

On August 9th, The Harris Center completed a data breach review and determined that the documents compromised contained personal information that included name, address, date of birth, Social Security number, health insurance information, and protected health information.

On August 17th, The Harris Center began sending written notice to the individuals whose information could have been involved in this incident. All impacted individuals can contact an attorney to discuss legal action, and possibly join an existing class action lawsuit.

There is a HIPAA Breach Notification Rule that requires data breach notifications to be issued to the HHS “without unnecessary delay.” Data Privacy lawyers say there has been a trend for many impacted healthcare entities to wait too long before alerting affected individuals, a non-action that places consumers at a higher risk for identity theft and medical-related fraud.

Delays in sending out healthcare data theft notifications could mean individuals’ personal data lands in the hands of criminals months before victims can begin to protect themselves.

Call The Lyon Firm to discuss the MOVEit and Harris Center data breach incident. Learn more about your next steps and potential compensation for your losses. We believe strongly that any entity that collects and stores our personal information has a duty to protect it with reasonably secure IT networks. Contact our lawyers for a free case review.