Active breach tracker TX Disclosed June 26, 2025

Texas Centers for Infectious Disease Associates Data Breach 2025: 19,481 Patients Exposed in BianLian Network Intrusion

Texas Centers for Infectious Disease Associates (TCIDA), a Dallas-Fort Worth infectious disease specialty practice, filed a HIPAA breach notification with HHS OCR on June 30, 2025, after a July 2024 network intrusion exposed names, Social Security numbers, driver's license data, and HIV/STI-relevant medical and treatment information for 19,481 patients. The BianLian ransomware-extortion group claimed 300 GB of exfiltrated data.

You have options. Scroll for the exact action steps, what your provider’s response covers, and what your health data needs beyond credit monitoring.

By HealthConsent Editorial Last updated Sources & methodology

Timeline

Jul 19, 2024

TCIDA identifies suspicious activity on its network; third-party billing vendor compromise traced as the entry vector

Jul 19, 2024

Attacker gained access

Jun 17, 2025

Forensic file review concludes; final affected-individual count established

Jun 26, 2025

Individual notification letters mailed to affected patients

Jun 26, 2025

Disclosed publicly

Jun 30, 2025

HIPAA breach notification filed with HHS Office for Civil Rights (19,481 individuals)

Jul 3, 2025

Federman & Sherwood announces class-action investigation

Jul 9, 2025

Strauss Borrelli PLLC announces class-action investigation

Data exposed

01

High-risk identity

Enables financial + identity theft

Social Security numbers Driver's license numbers

02

Health records

Don't expire and can't be reissued

Medical record numbers Medical and treatment information (infectious disease specialty — HIV, hepatitis, and STI diagnosis/treatment context)

03

Contact & insurance

Phishing + targeted scams

Names Dates of birth Medicare and Medicaid numbers Health insurance information

Class actions filed by

These firms have publicly announced investigations. You may be eligible to join. We are not a law firm and cannot give legal advice.

Strauss Borrelli PLLC Federman & Sherwood
If you received a letter

Your action plan, in five steps.

You have more rights than the notification letter explains. Each step below is a concrete thing you can do today. Full detail and timing in the sections that follow.

01

Accept credit monitoring

It’s the floor of the response. Take it.

02

Freeze your credit

Free at Equifax, Experian, TransUnion.

03

File IRS Form 14039

Prevent fraudulent tax return under your SSN.

04

Review your EOBs

Insurance statements catch medical identity theft early.

05

Stop the ongoing flow

Credit monitoring doesn’t cover your health records. HealthConsent does.

Jump to step 5: protect my health data

Texas Centers for Infectious Disease Associates (TCIDA), a private infectious disease specialty practice serving the Dallas-Fort Worth Metroplex, has confirmed that an unauthorized actor accessed sensitive patient data through a compromised former third-party billing vendor. Suspicious network activity was first identified on July 19, 2024. The forensic file review concluded on June 17, 2025, individual notification letters were mailed on June 26, 2025, and the HIPAA breach notification was filed with the HHS Office for Civil Rights on June 30, 2025, listing 19,481 affected individuals. The BianLian extortion group publicly claimed 300 GB of exfiltrated TCIDA data on its dark-web leak site.

Timeline

  • July 19, 2024 — TCIDA identifies suspicious activity on its network. Forensic investigators trace the unauthorized access to a security incident at a former third-party medical billing vendor.
  • August 14, 2024 — The BianLian threat group posts TCIDA on its dark-web leak site, claiming exfiltration of approximately 300 GB of accounting, medical, and personal data, including president and file-server data.
  • June 17, 2025 — File review concludes, establishing the categories of data exposed and the final affected-individual count.
  • June 26, 2025 — TCIDA mails individual notification letters and posts a substitute notice via PR Newswire.
  • June 30, 2025 — HIPAA breach notification filed with HHS Office for Civil Rights (19,481 individuals, Hacking/IT Incident, Network Server).
  • July 3, 2025 — Federman & Sherwood publicly opens a class-action investigation.
  • July 9, 2025 — Strauss Borrelli PLLC publicly opens a class-action investigation.

A report submitted to the Maine Attorney General’s Office referenced a slightly higher figure of 19,776 individuals; the federal OCR filing reflects 19,481.

What was exposed

The data elements confirmed exposed vary by individual but include:

  • Name
  • Social Security number
  • Date of birth
  • Driver’s license number
  • Medical record number
  • Medicare and Medicaid numbers
  • Health insurance information
  • Medical and treatment information

Sensitive-population context

TCIDA is an infectious disease specialty practice. Its patient population is concentrated in people receiving care for HIV, hepatitis B and C, sexually transmitted infections, complex antibiotic therapy, and post-transplant or immunocompromised conditions. A “medical and treatment information” disclosure from a practice of this kind is materially more sensitive than the same disclosure from a general primary care office. The exposed records can directly or by inference reveal HIV status, hepatitis status, STI history, and ongoing treatment regimens. That category of information continues to drive employment discrimination, immigration consequences, intimate-partner harm, insurance underwriting risk, and social stigma. Patients should treat any follow-on phishing, blackmail, or “health survey” outreach referencing their TCIDA visits with extreme skepticism, and consider documenting the breach in case of any future adverse action.

What the entity is offering

TCIDA is providing complimentary identity protection services through IDX, including:

  • Up to 24 months of credit and CyberScan monitoring
  • A $1 million identity-theft insurance reimbursement policy
  • Fully managed identity theft recovery services

Affected individuals can also reach TCIDA’s dedicated call center at (855) 202-9059, Monday through Friday, 9:00 a.m. to 9:00 p.m. Central Time. Enrollment instructions for IDX are included in the individual notification letter.

Class-action and regulatory posture

As of this writing, no consolidated class-action complaint has been filed and no court docket is publicly captioned. Strauss Borrelli PLLC and Federman & Sherwood have opened public investigations and are soliciting affected individuals; the ClassAction.org investigation page has since concluded without naming a filed lawsuit. The HHS OCR portal entry remains open. No state attorney general enforcement action has been announced. The Maine Attorney General’s data-breach notifications portal reflects the entity’s required filing.

What to do if you may be affected

  • Freeze your credit with Equifax, Experian, and TransUnion. Because Social Security numbers and driver’s license data were exposed, a security freeze is materially more protective than monitoring alone. It is free and reversible.
  • Enroll in the IDX monitoring offered by TCIDA. The 24-month CyberScan service includes dark-web monitoring, which is directly relevant given BianLian’s leak-site posting. Enrollment requires the activation code in your letter.
  • Watch for medical identity theft. Review every Explanation of Benefits and request a copy of your medical record from your insurer if you see services or providers you did not authorize.
  • Be alert to targeted phishing, sextortion, and “discreet” outreach. Threat actors who know you were treated at an infectious-disease specialty practice can craft convincing lures or extortion attempts. Do not engage; report to the FBI Internet Crime Complaint Center (ic3.gov) and to TCIDA’s call center.
  • Document the incident. Keep your notification letter and a copy of this page. If HIV-status, STI-treatment, or related information is later misused against you in employment, insurance, or immigration contexts, contemporaneous documentation of the breach is useful evidence.

Sources

Stop your data from spreading further

Credit monitoring covers your wallet. HealthConsent covers your health records.

Your stolen diagnoses, test results, and medical record numbers don’t expire when the free credit-monitoring window ends. HealthConsent automates HIPAA restriction requests and opt-outs across providers, insurers, HIEs, and prescription networks so the data taken in this breach can’t keep being shared and sold by other entities downstream.

Protect my health data

Cancel anytime · Family plan covers spouses + dependents

About this page

This page is compiled from public regulatory filings, the breached entity’s own disclosures, and reporting from established healthcare-privacy outlets. Some sections are assembled with the help of automated research and may contain errors, summaries that lag the underlying source, or details that have since been revised. Treat it as a starting point, not legal advice or an authoritative record. If you spot something inaccurate, the linked sources above are the canonical record. For questions about your individual situation, contact the breached entity directly or consult a licensed attorney.