Sabine County Hospital Data Breach Affects 7,600 Patients in Texas

Sabine County Hospital in Texas has reported a significant healthcare data breach affecting over 7,600 patients to the U.S. Department of Health and Human Services. The incident, which involved a hacking attack on the hospital's email systems, was discovered on August 21, 2025, and has prompted investigation by data breach law firm Strauss Borrelli PLLC.

What Happened

On August 21, 2025, Preferred Hospital Leasing Hemphill Inc., operating as Sabine County Hospital, became aware of a hacking incident that compromised their email systems. The breach was classified as a hacking/IT incident by the Department of Health and Human Services and was formally reported to the HHS Office for Civil Rights.

According to breach notification details, the incident may have involved unauthorized access to sensitive personal identifiable information and protected health information belonging to over 7,500 patients. The attack targeted the hospital's email infrastructure, which is a common entry point for cybercriminals seeking to access healthcare data.

The timing of this breach is particularly notable as it coincides with operational changes at the facility. The hospital's board had recently voted unanimously to enter into a long-term lease agreement with Preferred Hospital Leasing Hemphill Inc. (PHLH), transferring operational responsibility and financial risk for both the hospital and clinic to the leasing company.

Who Is Affected

The breach impacts approximately 7,600 individuals who were patients of Sabine County Hospital. This represents a significant portion of the patient base for a rural Texas healthcare facility, making the incident particularly concerning for the local community.

Patients affected by this breach may include those who:

• Received medical treatment at Sabine County Hospital
• Had their information stored in the hospital's email systems
• Communicated with healthcare providers via email
• Had their data processed through compromised email accounts

Breach Details

The breach has been classified by HHS as a hacking/IT incident involving email systems. Key details include:

• Entity: Preferred Hospital Leasing Hemphill Inc., d/b/a Sabine County Hospital
• Location: Texas
• Breach Type: Hacking/IT Incident
• Systems Affected: Email
• Patients Impacted: 7,600
• Discovery Date: August 21, 2025
• Reporting Date: August 21, 2025

The breach notice indicates that the incident may have compromised both personally identifiable information (PII) and protected health information (PHI). However, the hospital has not released additional details about the specific types of information accessed or the methods used by the attackers.

What This Means for Patients

For the 7,600 affected patients, this breach represents a serious privacy concern. Healthcare data breaches are particularly problematic because medical information is highly valuable to cybercriminals and can be used for:

• Identity theft: Personal information can be used to open fraudulent accounts
• Medical identity theft: Criminals may use health information to obtain medical services
• Insurance fraud: Health insurance information can be exploited for fraudulent claims
• Targeted scams: Personal details enable more convincing phishing attempts

The fact that this breach involved email systems is especially concerning, as healthcare providers often communicate sensitive patient information via email, including appointment details, test results, and treatment plans.

How to Protect Yourself

If you are a patient of Sabine County Hospital, consider taking these protective steps:

Monitor Your Accounts

• Review medical bills and insurance statements for unfamiliar charges
• Check credit reports regularly for suspicious activity
• Monitor bank and credit card statements closely

Stay Alert for Scams

• Be cautious of unexpected calls or emails requesting personal information
• Verify the identity of anyone claiming to represent the hospital or insurance companies
• Report suspicious communications to the hospital and relevant authorities

Protect Your Information

• Consider placing a fraud alert on your credit reports
• Review and update passwords for online medical portals and insurance accounts
• Keep detailed records of all medical treatments and communications

Contact the Hospital

• Reach out to Sabine County Hospital for specific information about the breach
• Ask what steps the hospital is taking to protect your information going forward
• Request details about any credit monitoring or identity protection services being offered

Prevention Lessons for Healthcare Providers

This incident at Sabine County Hospital highlights critical cybersecurity vulnerabilities that healthcare organizations must address:

Email Security

• Implement advanced email filtering and anti-phishing solutions
• Use encrypted email systems for all patient communications
• Train staff to recognize and report suspicious email activity
• Establish secure communication protocols that minimize email-based PHI sharing

Operational Transitions

• Ensure cybersecurity measures remain robust during ownership or operational changes
• Conduct thorough security assessments when transferring operational responsibility
• Maintain consistent security protocols across organizational transitions

Incident Response

• Develop comprehensive breach response plans that can be activated quickly
• Establish clear communication protocols for notifying patients and regulators
• Regularly test and update incident response procedures

HIPAA Compliance

• Maintain continuous HIPAA risk assessments
• Ensure all staff receive regular cybersecurity training
• Implement multi-layered security controls to protect PHI
• Document all security measures and regularly review their effectiveness

The investigation by Strauss Borrelli PLLC suggests that this breach may have legal implications for the hospital. Healthcare providers must understand that data breaches can result in significant financial penalties, legal action, and reputational damage beyond the immediate technical remediation costs.

As healthcare cyber threats continue to evolve, organizations like Sabine County Hospital must prioritize robust cybersecurity measures and maintain vigilant protection of patient data. The fact that this breach was discovered and reported on the same day suggests the hospital had some incident detection capabilities in place, but prevention remains the best strategy.

Protect your practice with AI-powered HIPAA compliance. Get started with HIPAA Agent.