NOTICE OF PRIVACY AND DATA SECURITY INCIDENT
Heart of Texas Behavioral Health Network, a HIPAA-covered entity, is providing notice of a privacy and data security incident involving paper patient records, including records related to Texas Medicaid members.
What Happened:
On 11/20/2025, Heart of Texas Behavioral Health Network learned that an unauthorized individual unlawfully entered one of our facilities during a break-in that occurred on or about 1/20/2025. Upon discovery, we immediately secured the premises and initiated an investigation.
The investigation determined that paper records stored within the building may have been accessed or removed without authorization. Law enforcement was notified promptly, and we cooperated with their investigation.
What Information Was Involved:
The paper records may have included patient names and one or more of the following:
- Address
- Date of birth
- Social Security number
- Medical record number
- Diagnosis, treatment, or procedure information
- Health insurance or billing information, including Medicaid information
Not all records contained the same information. At this time, we are not aware of any misuse of the information; however, because the records were unsecured, we are providing this notice in accordance with applicable law.
What We Are Doing?
Upon discovery of the incident, we took appropriate steps to investigate and mitigate the matter, including:
- Securing the affected areas and reviewing physical access controls
- Conducting a comprehensive internal investigation
- Notifying law enforcement and applicable regulatory authorities, including the U.S. Department of Health and Human Services, the Texas Office of the Attorney General, and Texas Health and Human Services, as required
- Enhancing physical security safeguards and record-storage procedures
- Reinforcing workforce training related to the secure handling of paper records
What You Can Do:
The following steps may be taken, if desired, to protect yourself from potential information breach harm:
- Register a fraud alert with the three credit bureaus listed here; and order credit reports.
- Experian: (888) 397-3742; www.experian.com; PO Box 9532, Allen, TX 75013
- TransUnion: (800) 680-7289; www.transunion.com; Fraud Victim Assistance Division, PO Box 6790, Fullerton, CA 92834-6790
- Equifax: (800)525-6285; www.equifax.com; PO 740241, Atlanta, GA 30374-0241
- Monitor account statements, EOBs, and credit bureau reports closely.
Additional Information for Texas Residents:
In accordance with the Texas Identity Theft Enforcement and Protection Act, notice of this incident has been provided to the Texas Office of the Attorney General, and required notifications have been made to Texas Health and Human Services, including for individuals whose information is associated with Medicaid.
For More Information:
Individuals seeking additional information may visit https://hotbhn.org/ or call (866) 752-3451.