On December 29, Texas Children’s Hospital was notified by the Harris County District Attorney’s Office that its Accounts Payable system may have suffered a security breach. Names and Social Security Numbers of some employees and vendors who received checks between 1999 and 2011 may have been accessed by an unauthorized third party and the information misused to open electricity accounts.
In a letter dated January 28 to the New Hampshire Attorney General’s Office and to those potentially affected, TCH reports that they had not (yet) confirmed that there had been a breach, but in light of the concerns, were notifying all those potentially affected and offering them two years of free credit monitoring, fraud resolution, and identity theft insurance.
Four New Hampshire residents were among those being notified of the concern. Not all employees or vendors are potentially affected; only those who received checks sent from the Accounts Payable department.
Miaoulis Note: Although the breach occured in Texas, it appears that Texas Children's notified the Attorney General in New Hamshire. There is some debate on the need to report to out of state Attorney Generals. Clearly the safest avenue is to report as specified in the states breach notification requirements.