North Texas Preferred Health Partners Data Breach Exposes 2,074 Patients' Medical Records

A significant healthcare data breach has impacted ABKSW Preferred Health Partners, PLLC, operating as North Texas Preferred Health Partners (North Texas PHP), exposing sensitive medical information belonging to 2,074 individuals. The breach, reported to the Department of Health and Human Services on January 8, 2026, involved unauthorized access to the healthcare provider's network server through a hacking/IT incident.

What Happened

North Texas Preferred Health Partners experienced a cybersecurity incident that compromised their network server infrastructure. The breach involved unauthorized access to systems containing protected health information (PHI) and sensitive personal data. According to the breach notification, the incident exposed both Social Security numbers and medical information of affected patients.

The healthcare provider, which operates multiple locations across the Dallas-Fort Worth metroplex including Dallas, Frisco, Las Colinas, Park Cities, and Plano, discovered the security incident and subsequently reported it to federal authorities as required under HIPAA breach notification rules.

While specific technical details about the attack method remain limited, the classification as a "hacking/IT incident" suggests cybercriminals gained unauthorized access to North Texas PHP's computer systems, potentially through methods such as:

• Phishing attacks targeting employee credentials
• Ransomware deployment on network systems
• Exploitation of software vulnerabilities
• Social engineering tactics

Who Is Affected

The data breach impacted 2,074 individuals who received healthcare services from North Texas Preferred Health Partners. The affected patients likely include those who visited any of the practice's locations across the Dallas-Fort Worth area, where the healthcare provider offers "personalized, quality health care tailored to you."

Patients who may have been affected include those who:

• Received medical treatment at North Texas PHP facilities
• Had medical records stored in the compromised systems
• Provided personal information during patient registration
• Underwent medical procedures or consultations

Breach Details

According to the HHS Office for Civil Rights (OCR) breach report, the incident involved:

• Entity: ABKSW PREFERRED HEALTH PARTNERS, PLLC d/b/a NORTH TEXAS PREFERRED HEALTH PARTNERS
• Location: Texas
• Affected Individuals: 2,074 patients
• Breach Type: Hacking/IT Incident
• Compromised Location: Network Server
• Date Reported to HHS: January 8, 2026
• Business Associate Involvement: None reported

The types of information compromised include:

• Social Security numbers
• Medical information and records
• Potentially additional PHI as defined under HIPAA Privacy Rule

Under 45 CFR § 164.408, healthcare providers must report breaches affecting 500 or more individuals to HHS within 60 days of discovery. North Texas PHP's compliance with this reporting requirement suggests the breach was discovered sometime in late 2025.

What This Means for Patients

The exposure of Social Security numbers combined with medical information creates significant risks for affected patients, including:

Identity Theft Risks

• Medical identity theft where criminals use stolen information to obtain healthcare services
• Financial fraud through misuse of Social Security numbers
• Insurance fraud using compromised medical information

Privacy Violations

• Unauthorized disclosure of sensitive health conditions
• Potential discrimination based on exposed medical information
• Loss of medical privacy as guaranteed under HIPAA Privacy Rule (45 CFR § 164.502)

Legal Implications

Data breach law firm Strauss Borrelli PLLC is investigating the incident and exploring potential class action litigation on behalf of affected patients. This legal scrutiny suggests potential HIPAA violations and inadequate security measures that may have contributed to the breach.

How to Protect Yourself

If you're a patient of North Texas Preferred Health Partners, take these immediate steps:

Monitor Your Accounts

• Review medical statements for unauthorized services or charges
• Check insurance explanations of benefits for suspicious activity
• Monitor credit reports from all three major bureaus
• Watch bank and credit card statements for fraudulent transactions

Secure Your Identity

• Place fraud alerts with credit bureaus
• Consider credit freezes to prevent new account openings
• Update passwords for healthcare portals and insurance accounts
• Enable two-factor authentication where available

Report Suspicious Activity

• Contact your insurance company immediately if you notice unauthorized claims
• Report identity theft to the Federal Trade Commission at IdentityTheft.gov
• File police reports for any confirmed fraudulent activity
• Notify healthcare providers of potential medical identity theft

Legal Options

• Contact breach notification attorneys if you suffer damages
• Document all costs related to breach response efforts
• Keep records of time spent addressing breach-related issues

Prevention Lessons for Healthcare Providers

The North Texas PHP breach highlights critical HIPAA security vulnerabilities that healthcare organizations must address:

Technical Safeguards (45 CFR § 164.312)

• Network security controls to prevent unauthorized access
• Endpoint protection including anti-malware solutions
• Regular security updates and patch management
• Multi-factor authentication for system access

Administrative Safeguards (45 CFR § 164.308)

• Security officer designation with clear responsibilities
• Regular risk assessments to identify vulnerabilities
• Employee training programs on cybersecurity threats
• Incident response procedures for breach situations

Physical Safeguards (45 CFR § 164.310)

• Server room security and access controls
• Workstation security measures
• Device and media controls for data storage

Business Associate Management

While no business associate was involved in this breach, healthcare providers must ensure Business Associate Agreements (BAAs) include appropriate security requirements under 45 CFR § 164.314.

Breach Response Planning

Healthcare organizations need comprehensive breach response plans that address:

• Immediate containment procedures
• Forensic investigation capabilities
• Patient notification requirements under 45 CFR § 164.404
• Regulatory reporting obligations
• Credit monitoring and remediation services

The North Texas Preferred Health Partners breach serves as a reminder that healthcare organizations remain prime targets for cybercriminals seeking valuable medical information. Patients affected by this incident should remain vigilant for signs of identity theft and medical fraud while healthcare providers must strengthen their cybersecurity posture to prevent similar incidents.

Learn how HIPAA Agent can help protect your practice.