Notice to Our Patients of an Email Incident
MHMR of Tarrant County (MHMR) is committed to protecting the confidentiality and security of our clients’ information. Regrettably, this notice is about an email security incident that may have involved some client information. This incident does not impact all MHMR clients; only a limited number of MHMR clients are affected, and we have no reason to believe that any client information has been misused.
On December 3, 2019, we determined that an unauthorized person gained access to a small number of MHMR employee email accounts through an email security incident, also known as a phishing incident. We immediately secured the accounts, began an investigation, and a forensics firm was hired to assist in the investigation. The investigation determined that the unauthorized access to the email accounts occurred between October 14, and October 16, 2019.We carefully reviewed the contents of the email accounts and determined that some client information was contained in the email accounts, including client names, Social Security numbers, driver’s license numbers, and limited information about the care they received at MHMR.
Our investigation was unable to determine whether client information was actually viewed by the unauthorized person, and we have no indication that any client information has been misused.However, in abundance of caution, we began mailing letters to affected patients on January 31, 2020, and established a dedicated call center, or help line, to answer questions that clients may have.The call center is staffed by professionals familiar with this incident and is open Monday through Friday 8:00 a.m. to 5:30 p.m., Central Time, at 1-844-902-2029. If you believe you are affected and do not receive a letter by January 31, 2020, please contact the call center for more information.
Although we have no reason to believe client information has been misused, we recommend that affected clients review the statements they receive from their healthcare providers.If clients see services they did not receive, they should contact the provider immediately.For those clients whose Social Security numbers or driver’s license numbers were involved, MHMR is offering a complimentary membership of credit monitoring and identity protection services.
We deeply regret any concern or inconvenience this incident may cause our clients. To help prevent something like this from happening again, we are implementing additional email security, we are reinforcing education with our employees on how to identify and avoid phishing emails, and we are actively engaged in enhancing our security infrastructure and systems.