Harris Health patient, employee information exposed in breach related to MOVEit cyberattack

HARRIS COUNTY, Texas (KTRK) -- Patient and employee information for Harris Health System appear to be exposed as the institution disclosed that it had been targeted in a cyberattack that has impacted multiple companies across different industries.

Harris Health said the breach involved vulnerabilities in the popular MOVEit file transfer software. The earliest it knew of any data impacts was on June 2.

The breach hasn't affected operations and patient care or services, Harris Health said.

"Upon learning of the vulnerability of the managed file transfer software, MOVEit, Harris Health immediately implemented security safeguards to address the vulnerability and secure the MOVEit data," the hospital system wrote in a statement. "Harris Health is working now to assess the full scope of the incident and will be reaching out to all impacted individuals in the coming weeks."

Harris Health stated it will notify anyone whose information was involved directly, as required by law.

Anyone with questions about the breach is being directed to contact a call center at 866-347-7885. Calls will be answered Monday through Friday, from 8 a.m. to 5:30 p.m. CT, excluding holidays.

Harris Health numbers

While it's not immediately known how many patients were impacted by the breach, Harris Health's numbers for the fiscal year 2022 suggest a very wide scope.

Its volume statistics showed the following:

• Cases occupying hospital beds - 40,562
• Births - 4,839
• Emergency visits - 147,496
• Outpatient clinic visits - 1,662,493
• Total surgery cases - 18,207

In addition, its most recent demographic figures show Hispanics account for more than half of all patients served in the fiscal year 2022.

Harris Health boasts two main emergency care hospitals - Ben Taub and LBJ - along with countless other specialty, same-day, and primary clinics.

MOVEit's impact

On June 15, ABC News reported that several U.S. government networks were hit due to MOVEit vulnerabilities.

While the government-side breach was initially reported as small in scope, companies in the private sector began reporting they have been attacked.

One significant example involves the 2.5 million Genworth Financial policyholders whose data was exposed.

The country's largest public pension fund, the California Public Employees Retirement system, blamed the breach impacting 769,000 retirees and beneficiaries on Russian cybercriminals.

CalPERS said the stolen data included names, birth dates, and Social Security numbers - and might also include names of spouses or domestic partners and children.

ABC News and the Associated Press contributed to this story.