News and Events

WACO, TX— The Heart of Texas Behavioral Health Network, a HIPAA-covered entity, is providing notice of a privacy and data security incident involving paper patient records affecting residents in McLennan County, Texas. This notification is being provided in compliance with federal and state law, including HIPAA, the Texas Identity Theft Enforcement and Protection Act, and guidance from Texas Health and Human Services.

Summary of the Incident:

• What Happened: On 11/20/2025, we discovered that an unauthorized individual had unlawfully entered one of our facilities during a break-in that occurred on or about 11/20/2025. Paper patient records stored in the building may have been accessed or removed without authorization. Law enforcement was notified promptly.
• Information Involved: Records may include patient names, addresses, dates of birth, Social Security numbers, medical record numbers, diagnoses, treatment, or procedure information, and Medicaid or health insurance information.
• Action Taken: The affected area was secured, and a full internal investigation was initiated; law enforcement and regulatory authorities (HHS OCR, Texas OAG, HHSC) were notified, and enhanced physical security safeguards and staff training were implemented.
• Guidance for Affected Individuals: Because Social Security numbers were involved, individuals are encouraged to review explanation-of-benefits statements, billing statements, and credit reports for suspicious activity. Free credit reports can be obtained at AnnualCreditReport.com or by calling 1-877-322-8228.

Heart of Texas Behavioral Health Network takes the privacy and security of protected health information seriously and regrets any concern this incident may cause.

For more information, please contact Noel Magee, Privacy Officer, by phone at 866-752-3451 or by email at noel.magee@hotbhn.org.

# # #