MHMR Brazos Valley investigates ‘security incident’ involving personal Information
BRYAN, Texas (KBTX) – A Brazos Valley nonprofit organization based in Bryan is currently conducting an investigation following the discovery of a potential data breach that may have compromised the personal and protected health information of both employees and patients.
The security incident occurred at the MHMR Authority of the Brazos Valley, an organization serving thousands of individuals in a seven-county area, providing support for those with mental health needs or intellectual and developmental disabilities.
MHMR has locations in Bryan, Caldwell, Navasota, Centerville, Madisonville, Hearne, and Brenham.
Data breaches like the one seen at MHMR have been on the rise across the county and have become increasingly costly.
According to a study by the Ponemon Institute, which focuses on information security and privacy issues, 53% of companies experienced a third-party data breach in the past year.
Cybersecurity Ventures, a research company specializing in cyber economic market data, predicts that global cybercrime costs will grow by 15% annually over the next five years, reaching $10.5 trillion USD annually by 2025, up from $3 trillion USD in 2015.
Last November, MHMR discovered an incident that affected access to certain computer systems. In late December, KBTX became aware of the data breach and began inquiring about the incident on December 21, but MHMR declined to comment at that time.
After conducting a review more than six months later, KBTX discovered that the personal and protected information of certain MHMR employees and current and former patients might have been compromised. The exact number of affected individuals remains unknown, but officials said in a press release that the breach targeted personal information, including Social Security and driver’s license numbers, bank account details, logins, medical records, and health insurance information.
Surprisingly, despite the prevalence of data breaches, a study by Varonis found that 64% of Americans have never checked to see if they were affected by one, and 56% of Americans are unsure about the necessary steps to take in the event of a data breach.
In response to such incidents, earlier this year, Governor Abbott signed Senate Bill 768, a law amending the state’s data breach notification statutes. The amendments mandate notifying the Attorney General within 30 days of confirming the impact on at least 250 Texas residents and submitting notifications electronically through a provided form on the Attorney General’s website. These amendments will take effect on September 1.
Earlier this year, Governor Abbott signed a law amending the state’s data breach notification statutes, mandating the notification of the Attorney General within 30 days of confirming its impact on at least 250 Texas residents and submitting notifications electronically through a provided form on the Attorney General’s website. These amendments are set to take effect on September 1. Presently, MHMR does not appear on the Attorney General’s data breach list but could indicate that the list may not have been updated.
In MHMR’s press release, they say they have no knowledge that personal information was used to commit identity theft or for other illicit financial gain.
KBTX reached out to MHMR for comment, but they stated that they have no further information to provide at this time.
A copy of the full press release can be viewed below.