The Texas insider breach at the Texas Health and Human Services Commission (HHSC) has exposed the personal information for 61,000 individuals.
The incident involved the theft of benefit funds. It is under investigation, with authorities pursuing criminal charges.
The breach was discovered on November 21, 2024. It revealed improper access to sensitive data between June 2021 and December 2024.
The compromised data includes full names, addresses, phone numbers, dates of birth, email addresses, Social Security numbers, Medicaid and Medicare IDs, and financial information.
“Some Lone Star Cards containing SNAP funds may have been improperly accessed or used,” HHSC stated.
The agency urges SNAP recipients to check their Lone Star Card transactions for fraudulent activity.
One incident involved the theft of $270,000 from 500 SNAP accounts.
The Texas Tribune reports four separate incidents of improper access breach.
HHSC is offering two years of free identity and credit monitoring to affected individuals. They are also strengthening internal security controls and implementing additional fraud prevention measures to fight insider threats.
Security expert Mike Hamilton of Lumifi questioned the time it took to detect the breach.
He stated, “The fact that threat actors were in the network for so long…suggests that the state does not use comprehensive monitoring to alert on aberrational behavior.”
He suspects the breach was discovered through fraud reports from SNAP recipients.
He added, “Without a system to aggregate this information, it would have taken quite a while to identify…the cause of the fraud.”
Experts recommend implementing role-based access controls (RBAC) to limit data access. Andrew Mahler of Clearwater Consulting emphasized the importance of ongoing RBAC reviews and regular audits. David Finn of Cyber Health Integrity noted that state government health IT systems are attractive targets due to the sensitive data they hold and often limited cybersecurity resources.
