<projected> Projected from news reports · Not yet confirmed by HHS. Blue Fish Pediatrics notified 41,485 Texans about a data breach that occurred between July 11 and July 17, 2025, exposing personal and protected health information.
<projected> Projected from news reports · Not yet confirmed by HHS. The Trump administration inadvertently exposed the Social Security numbers of health care providers in a database powering a new Medicare portal.
Top healthcare entities in Texas by incident count
#1
Blue Fish Pediatrics
2
incidents
104K
individuals
#2
Nacogdoches Memorial Hospital
2
incidents
2.8M
individuals
#3
Texas Medicaid and Healthcare Partnership
1
incidents
2K
individuals
#4
Eyemart Express, LLC
1
incidents
25K
individuals
#5
Elara Caring
1
incidents
10K
individuals
Attack vectors
How breaches happen in Texas
Breakdown of breach types reported across 26 incidents in Texas. Understanding which vectors dominate helps practices prioritize their security controls.
Hacking/IT Incident23 (88%)
Unauthorized Access/Disclosure3 (12%)
Texas compliance requirements
Texas breach notification law
Beyond federal HIPAA requirements, Texas has its own breach notification law that may impose additional obligations on healthcare practices operating in the state.
Tex. Bus. & Com. Code § 521.053
Notification deadline
60 days
Matches HIPAA's 60-day notification requirement.
Attorney General notification
Required (250+ individuals)
Texas Data Privacy and Security Act (TDPSA)
Comprehensive consumer data privacy law with broad applicability. Includes requirements for data protection assessments, opt-out mechanisms, and data minimization.
Texas Medical Records Privacy Act
Texas has additional healthcare-specific privacy protections that exceed HIPAA in certain areas, including restrictions on re-disclosure of medical records.
AG has active enforcement program
The Texas AG has been among the most aggressive in pursuing breach notification violations, with settlements in the millions.
This is a general reference based on current Texas law. Consult legal counsel for state-specific compliance obligations. Source: Tex. Bus. & Com. Code § 521.053. Verified April 2026.
Protect your Texas practice
26 breaches in Texas. Is your practice next?
Patient Protect gives independent practices real-time compliance monitoring, breach prevention, and secure workflows — so your practice stays out of this database. Starting at $39/month.
Patient Protect tracks 26 reported healthcare data breach incidents in Texas, affecting approximately 3.5M individuals. Data is sourced from HHS OCR, State Attorney General offices, FTC enforcement, and community intelligence — updated nightly.
What is the most common breach type in Texas?
The most frequently reported breach vector in Texas is Hacking/IT Incident, accounting for 23 of 26 incidents. Unauthorized Access/Disclosure is the second most common with 3 incidents.
Are independent practices in Texas at higher risk?
Independent healthcare practices are the fastest-growing target for healthcare cyberattacks nationwide — attacks on small providers have increased 6x since 2021. Texas practices face the same threat landscape with fewer resources to defend against it. Patient Protect provides breach prevention specifically for independent practices starting at $39/month.
What are Texas's breach notification requirements?
Texas requires breach notification within 60 days, and requires notification to the Attorney General when 250 or more individuals are affected. These requirements apply in addition to federal HIPAA's 60-day notification deadline. Reference: Tex. Bus. & Com. Code § 521.053.
Explore the full breach intelligence dashboard with 12 analytical views, risk forecasting, and attack chain visualization.
Data Disclaimer: This data is aggregated from publicly available sources including the HHS OCR Breach Portal, FTC, state AG databases, CISA advisories, and curated reporting. Certain records are algorithmically modeled from news sources and labeled accordingly. Data is provided “as-is” for informational purposes only. Inclusion of any entity does not imply wrongdoing. Users must independently verify information before relying on it. See Terms of Use.
Editorial coverage · From our partner publication
Latest HIPAA Pulse coverage.
Editorial analysis of the breaches and enforcement actions reshaping Texas's threat landscape. From the Patient Protect publication.