Dallas-based North Texas Behavioral Health Authority has reported a data breach affecting 285,086 individuals, The HIPAA Journal reported April 21.
The organization identified unauthorized activity in its systems around Oct. 15. An investigation found an unauthorized third party accessed its network between Oct. 13 and 15, “during which files containing patient information may have been viewed or acquired,” the report said.
After a review process lasting around three months, the North Texas Behavioral Health Authority confirmed Jan. 7 that some files contained personal information, including Social Security numbers. The breach is the sixth largest breach reported to the Office for Civil Rights in 2026.
Notification letters were sent to patients beginning March 6. The authority said it found no evidence of actual or attempted misuse of the data at the time notifications were sent and is offering complementary credit monitoring and identity theft protection services to affected individuals whose Social Security numbers were involved.
The organization has since reset passwords, expanded multi-factor authentication and deployed endpoint detection and response tools. No threat actor has claimed responsibility. Some law firms have opened investigations and are considering class-action lawsuits, according to the report.
At the Becker's Fall Behavioral Health Summit, taking place November 4–5 in Chicago, behavioral health leaders and executives will explore strategies for expanding access to care, integrating services, addressing workforce challenges and leveraging innovation to improve outcomes across the behavioral health continuum. Apply for complimentary registration now.
