Texas Centers for Infectious Disease Associates Data Breach 2025: 19,481 Patients Exposed in BianLian Network Intrusion
Texas Centers for Infectious Disease Associates (TCIDA), a Dallas-Fort Worth infectious disease specialty practice, filed a HIPAA breach notification with HHS OCR on June 30, 2025, after a July 2024 network intrusion exposed names, Social Security numbers, driver's license data, and HIV/STI-relevant medical and treatment information for 19,481 patients. The BianLian ransomware-extortion group claimed 300 GB of exfiltrated data.
You have options. Scroll for the exact action steps, what your provider’s response covers, and what your health data needs beyond credit monitoring.
Timeline
Jul 19, 2024
TCIDA identifies suspicious activity on its network; third-party billing vendor compromise traced as the entry vector
Jul 19, 2024
Attacker gained access
Jun 17, 2025
Forensic file review concludes; final affected-individual count established
Jun 26, 2025
Individual notification letters mailed to affected patients
Jun 26, 2025
Disclosed publicly
Jun 30, 2025
HIPAA breach notification filed with HHS Office for Civil Rights (19,481 individuals)
Jul 3, 2025
Federman & Sherwood announces class-action investigation
Jul 9, 2025
Strauss Borrelli PLLC announces class-action investigation
Jul 19, 2024
TCIDA identifies suspicious activity on its network; third-party billing vendor compromise traced as the entry vector
Jul 19, 2024
Attacker gained access
Jun 17, 2025
Forensic file review concludes; final affected-individual count established
Jun 26, 2025
Individual notification letters mailed to affected patients
Jun 26, 2025
Disclosed publicly
Jun 30, 2025
HIPAA breach notification filed with HHS Office for Civil Rights (19,481 individuals)
Jul 3, 2025
Federman & Sherwood announces class-action investigation
Jul 9, 2025
Strauss Borrelli PLLC announces class-action investigation
Data exposed
01
High-risk identity
Enables financial + identity theft
02
Health records
Don't expire and can't be reissued
03
Contact & insurance
Phishing + targeted scams
Class actions filed by
These firms have publicly announced investigations. You may be eligible to join. We are not a law firm and cannot give legal advice.
Your action plan, in five steps.
You have more rights than the notification letter explains. Each step below is a concrete thing you can do today. Full detail and timing in the sections that follow.
01
Accept credit monitoring
It’s the floor of the response. Take it.
02
Freeze your credit
Free at Equifax, Experian, TransUnion.
03
File IRS Form 14039
Prevent fraudulent tax return under your SSN.
04
Review your EOBs
Insurance statements catch medical identity theft early.
05
Stop the ongoing flow
Credit monitoring doesn’t cover your health records. HealthConsent does.
Texas Centers for Infectious Disease Associates (TCIDA), a private infectious disease specialty practice serving the Dallas-Fort Worth Metroplex, has confirmed that an unauthorized actor accessed sensitive patient data through a compromised former third-party billing vendor. Suspicious network activity was first identified on July 19, 2024. The forensic file review concluded on June 17, 2025, individual notification letters were mailed on June 26, 2025, and the HIPAA breach notification was filed with the HHS Office for Civil Rights on June 30, 2025, listing 19,481 affected individuals. The BianLian extortion group publicly claimed 300 GB of exfiltrated TCIDA data on its dark-web leak site.
Timeline
- July 19, 2024 — TCIDA identifies suspicious activity on its network. Forensic investigators trace the unauthorized access to a security incident at a former third-party medical billing vendor.
- August 14, 2024 — The BianLian threat group posts TCIDA on its dark-web leak site, claiming exfiltration of approximately 300 GB of accounting, medical, and personal data, including president and file-server data.
- June 17, 2025 — File review concludes, establishing the categories of data exposed and the final affected-individual count.
- June 26, 2025 — TCIDA mails individual notification letters and posts a substitute notice via PR Newswire.
- June 30, 2025 — HIPAA breach notification filed with HHS Office for Civil Rights (19,481 individuals, Hacking/IT Incident, Network Server).
- July 3, 2025 — Federman & Sherwood publicly opens a class-action investigation.
- July 9, 2025 — Strauss Borrelli PLLC publicly opens a class-action investigation.
A report submitted to the Maine Attorney General’s Office referenced a slightly higher figure of 19,776 individuals; the federal OCR filing reflects 19,481.
What was exposed
The data elements confirmed exposed vary by individual but include:
- Name
- Social Security number
- Date of birth
- Driver’s license number
- Medical record number
- Medicare and Medicaid numbers
- Health insurance information
- Medical and treatment information
Sensitive-population context
TCIDA is an infectious disease specialty practice. Its patient population is concentrated in people receiving care for HIV, hepatitis B and C, sexually transmitted infections, complex antibiotic therapy, and post-transplant or immunocompromised conditions. A “medical and treatment information” disclosure from a practice of this kind is materially more sensitive than the same disclosure from a general primary care office. The exposed records can directly or by inference reveal HIV status, hepatitis status, STI history, and ongoing treatment regimens. That category of information continues to drive employment discrimination, immigration consequences, intimate-partner harm, insurance underwriting risk, and social stigma. Patients should treat any follow-on phishing, blackmail, or “health survey” outreach referencing their TCIDA visits with extreme skepticism, and consider documenting the breach in case of any future adverse action.
What the entity is offering
TCIDA is providing complimentary identity protection services through IDX, including:
- Up to 24 months of credit and CyberScan monitoring
- A $1 million identity-theft insurance reimbursement policy
- Fully managed identity theft recovery services
Affected individuals can also reach TCIDA’s dedicated call center at (855) 202-9059, Monday through Friday, 9:00 a.m. to 9:00 p.m. Central Time. Enrollment instructions for IDX are included in the individual notification letter.
Class-action and regulatory posture
As of this writing, no consolidated class-action complaint has been filed and no court docket is publicly captioned. Strauss Borrelli PLLC and Federman & Sherwood have opened public investigations and are soliciting affected individuals; the ClassAction.org investigation page has since concluded without naming a filed lawsuit. The HHS OCR portal entry remains open. No state attorney general enforcement action has been announced. The Maine Attorney General’s data-breach notifications portal reflects the entity’s required filing.
What to do if you may be affected
- Freeze your credit with Equifax, Experian, and TransUnion. Because Social Security numbers and driver’s license data were exposed, a security freeze is materially more protective than monitoring alone. It is free and reversible.
- Enroll in the IDX monitoring offered by TCIDA. The 24-month CyberScan service includes dark-web monitoring, which is directly relevant given BianLian’s leak-site posting. Enrollment requires the activation code in your letter.
- Watch for medical identity theft. Review every Explanation of Benefits and request a copy of your medical record from your insurer if you see services or providers you did not authorize.
- Be alert to targeted phishing, sextortion, and “discreet” outreach. Threat actors who know you were treated at an infectious-disease specialty practice can craft convincing lures or extortion attempts. Do not engage; report to the FBI Internet Crime Complaint Center (ic3.gov) and to TCIDA’s call center.
- Document the incident. Keep your notification letter and a copy of this page. If HIV-status, STI-treatment, or related information is later misused against you in employment, insurance, or immigration contexts, contemporaneous documentation of the breach is useful evidence.
Sources
- HHS Office for Civil Rights Breach Portal — federal regulatory record (filing dated 2025-06-30; 19,481 individuals; Hacking/IT Incident; Network Server).
- HIPAA Journal — Texas Centers for Infectious Disease Associates Announces 19K-Record Data Breach — incident summary, BianLian attribution, 300 GB claim, exposed data categories.
- PR Newswire — Official TCIDA Notice of Data Security Incident — substitute notice text, dedicated call center, dates.
- Strauss Borrelli PLLC — TCIDA Data Breach Investigation — plaintiff-side investigation, IDX confirmation, data categories.
- Federman & Sherwood — TCIDA Data Breach Investigation — plaintiff-side investigation, IDX 24-month CyberScan and $1M insurance reimbursement offering, forensic review conclusion date.
- ClassAction.org — TCIDA Data Breach Lawsuit — class-action investigation status (concluded without filed suit as of the snapshot).
Credit monitoring covers your wallet. HealthConsent covers your health records.
Your stolen diagnoses, test results, and medical record numbers don’t expire when the free credit-monitoring window ends. HealthConsent automates HIPAA restriction requests and opt-outs across providers, insurers, HIEs, and prescription networks so the data taken in this breach can’t keep being shared and sold by other entities downstream.
Protect my health dataCancel anytime · Family plan covers spouses + dependents
Sources & further reading
- HHS Office for Civil Rights Breach Portal
- HIPAA Journal — Texas Centers for Infectious Disease Associates Announces 19K-Record Data Breach
- PR Newswire — TCIDA Notifies Individuals of Data Security Incident (official notice)
- Strauss Borrelli PLLC — TCIDA Data Breach Investigation
- Federman & Sherwood — TCIDA Data Breach Investigation
- ClassAction.org — Texas Centers for Infectious Disease Associates Data Breach Lawsuit
Official HHS OCR Breach Portal: ocrportal.hhs.gov
About this page
This page is compiled from public regulatory filings, the breached entity’s own disclosures, and reporting from established healthcare-privacy outlets. Some sections are assembled with the help of automated research and may contain errors, summaries that lag the underlying source, or details that have since been revised. Treat it as a starting point, not legal advice or an authoritative record. If you spot something inaccurate, the linked sources above are the canonical record. For questions about your individual situation, contact the breached entity directly or consult a licensed attorney.