Active breach tracker Abilene, Texas Disclosed December 2, 2025

West Texas Health Data Breach 2025: 73,720 Affected · Hacking/IT Incident · Abilene, TX Business Associate. Multi-State AG Filings. What To Do.

West Texas Health, PLLC — an Abilene, Texas multispecialty physician group and member of Privia Medical Group acting as a HIPAA business associate to Privia Medical Group West Texas, LLC — reported 73,720 individuals affected by a network-server intrusion between September 12 and October 3, 2025. State AG filings confirmed in 14 states. A class-action investigation is active. Here is what to do.

You have options. Scroll for the exact action steps, what your provider’s response covers, and what your health data needs beyond credit monitoring.

By HealthConsent Editorial Last updated Sources & methodology

Timeline

Sep 12, 2025

Unauthorized access to West Texas Health's network begins (per forensic investigation).

Oct 3, 2025

West Texas Health discovers the security incident and engages external cybersecurity professionals; unauthorized access window closes.

Nov 17, 2025

Breach first reported to the Texas Attorney General — initial count 2,024 Texas residents affected.

Nov 19, 2025

Dark-web monitoring services report a possible West Texas Health data leak.

Dec 2, 2025

Breach reported to HHS OCR — 73,720 affected, Hacking/IT Incident at Network Server, Business Associate.

Dec 3, 2025

Migliaccio & Rathod LLP announces a class-action investigation of the West Texas Health data breach.

Feb 1, 2026

Privia Medical Group West Texas, PLLC begins mailing individual notification letters by U.S. mail; complimentary credit monitoring offered to those with SSN exposure. Dedicated response line 833-918-1247 activated.

Feb 6, 2026

Forensic investigation and document review conclude; West Texas Health confirms specific data elements were acquired.

Feb 23, 2026

Massachusetts Office of Consumer Affairs records breach 2026-262 — 10 Massachusetts residents affected; SSN, medical records, financial accounts, driver's license, and credit/debit numbers all confirmed breached.

Data exposed

01

High-risk identity

Enables financial + identity theft

Social Security number Driver's license or state-issued identification number Passport, military identification, or other government-issued identification number

02

Health records

Don't expire and can't be reissued

Medical history, diagnosis, and treatment information

03

Contact & insurance

Phishing + targeted scams

First and last name Financial account information and financial account number Payment card information Taxpayer identification number or IRS Identity Protection PIN Health insurance policy number, claims history, and other health insurance information Username or email address coupled with password or security question and answer

Class actions filed by

These firms have publicly announced investigations. You may be eligible to join. We are not a law firm and cannot give legal advice.

Migliaccio & Rathod LLP Shamis & Gentile P.A.
If you received a letter

Your action plan, in five steps.

You have more rights than the notification letter explains. Each step below is a concrete thing you can do today. Full detail and timing in the sections that follow.

01

Accept credit monitoring

It’s the floor of the response. Take it.

02

Freeze your credit

Free at Equifax, Experian, TransUnion.

03

File IRS Form 14039

Prevent fraudulent tax return under your SSN.

04

Review your EOBs

Insurance statements catch medical identity theft early.

05

Stop the ongoing flow

Credit monitoring doesn’t cover your health records. HealthConsent does.

Jump to step 5: protect my health data

West Texas Health, PLLC is an Abilene, Texas multispecialty physician practice and a member of Privia Medical Group’s West Texas market. The practice has served Abilene and surrounding communities for more than 50 years, formerly operating as Abilene Diagnostic Clinic, and offers primary care, internal medicine, OB/GYN, pediatrics, plastic surgery, podiatry, chiropractic, spine care, occupational health, and acute care.

On December 2, 2025, the entity reported a Hacking/IT Incident at a Network Server to the HHS Office for Civil Rights, affecting 73,720 individuals and filed as a Business Associate. Unauthorized access to the network ran from September 12 through October 3, 2025, when West Texas Health discovered the activity and engaged external cybersecurity professionals. The forensic document review concluded on February 6, 2026, and Privia Medical Group West Texas, PLLC began mailing notification letters shortly after. West Texas Health first reported the incident to the Texas Attorney General on November 17, 2025 — two weeks before the HHS OCR filing — listing 2,024 Texas residents initially affected, a figure later revised upward as the document review progressed. Aggregator tracking platforms report a total affected count of approximately 74,456 individuals once state filings were updated. No ransomware group has publicly claimed responsibility; dark-web monitoring services flagged a possible data leak on November 19, 2025.

Timeline

  • September 12 – October 3, 2025 — Unauthorized actor maintains access to West Texas Health’s network (intrusion window confirmed by forensic investigation).
  • October 3, 2025 — West Texas Health detects the security incident, engages external cybersecurity professionals, and the access window closes.
  • November 17, 2025 — Breach first reported to the Texas Attorney General; initial count of 2,024 Texas residents listed.
  • November 19, 2025 — Dark-web monitoring services report a possible West Texas Health data leak (referenced by class-action counsel; no ransomware group has publicly claimed credit).
  • December 2, 2025 — Breach filed with HHS OCR: 73,720 affected, Hacking/IT Incident, Network Server, Business Associate.
  • December 3, 2025 — Migliaccio & Rathod LLP publishes a class-action investigation notice for affected individuals.
  • February 6, 2026 — West Texas Health confirms, after extensive forensic review, that specific protected health information was acquired in the incident.
  • February 2026 — Privia Medical Group West Texas, PLLC begins mailing individual notification letters by U.S. mail. Complimentary credit monitoring is offered to individuals whose Social Security numbers were exposed. Dedicated response line 833-918-1247 is activated (Monday through Friday, 9:00 a.m. to 9:00 p.m. Eastern, excluding holidays).
  • February 23, 2026 — Massachusetts Office of Consumer Affairs records breach 2026-262: 10 Massachusetts residents affected; SSN, medical records, financial accounts, driver’s license, and credit/debit numbers all confirmed.

What was exposed

Per the entity’s notice and trade-press reporting, the specific data elements varied by individual; your notification letter is the authoritative list for you. The categories confirmed exposed across the affected population include:

  • First and last name.
  • Social Security number.
  • Driver’s license or state-issued identification number.
  • Passport number, military identification, or other government-issued identification number.
  • Financial account information and financial account numbers.
  • Payment card information.
  • Taxpayer identification number or IRS Identity Protection PIN.
  • Medical history, medical diagnosis, and treatment information.
  • Health insurance policy numbers, claims history, and other health insurance information.
  • Username or email address combined with password or security question and answer.

The credential pair (username/email with password and security Q&A) is the most operationally urgent element: reused passwords can be replayed against email, banking, and patient-portal accounts. The IRS Identity Protection PIN is unusual to see in a healthcare breach and is high-risk for tax-refund fraud if exposed.

What West Texas Health is offering

West Texas Health is providing complimentary credit monitoring services to individuals whose Social Security numbers were exposed. Enrollment instructions and any activation code are printed inside the mailed notification letter. The specific monitoring vendor is not publicly named in the official notice.

For questions about the incident, contact the dedicated response line:

833-918-1247 (toll-free) — Monday through Friday, 9:00 a.m. to 9:00 p.m. Eastern time, excluding holidays.

Who’s notifying you (Business Associate — through Privia Medical Group West Texas)

West Texas Health, PLLC filed this breach with HHS OCR as a Business Associate. Practically, that means most affected individuals did not have a direct billing or front-desk relationship with the legal entity “West Texas Health, PLLC.” They were patients of Privia Medical Group West Texas, PLLC, the multispecialty practice that operates under the Privia Health brand in the Abilene region.

The official notice letter confirms: “This incident only occurred within West Texas Health’s network, and Privia’s network and systems were not affected by this incident.”

Concretely:

  • Your notification letter may arrive on Privia Medical Group West Texas, PLLC letterhead — that is the covered-entity affiliate handling the mailings.
  • Notification is by U.S. mail. There is no legitimate text-message or unsolicited-email enrollment flow for this incident; treat any such messages as phishing.
  • Credit-monitoring enrollment codes are printed inside the letter. Do not enter personal information into any site reached through unsolicited email or SMS links.

State regulatory filings

West Texas Health and Privia Medical Group West Texas notified attorneys general and consumer-protection agencies in at least 14 states. Confirmed filings include California, Iowa, Maine, Massachusetts (breach 2026-262, February 23, 2026, 10 residents), Montana, Nebraska, New Hampshire, Oregon, Rhode Island, South Carolina, Texas (first filed November 17, 2025), Vermont, Washington, and the U.S. Department of Health and Human Services. The Texas AG filing was the earliest regulatory disclosure on record for this incident, predating the HHS OCR submission by two weeks.

Class-action posture

At least two class-action firms have announced investigations of this incident:

  • Migliaccio & Rathod LLP (announced December 3, 2025) is investigating claims arising from the West Texas Health data breach and invites affected individuals to contact the firm.
  • Shamis & Gentile P.A. is also investigating on behalf of affected Privia Medical Group West Texas patients.

As of this writing, no consolidated class action, certified class, or proposed settlement has been published. Investigations of this kind typically lead to one or more complaints alleging failure to implement reasonable cybersecurity safeguards and delayed notification; outcomes depend on case consolidation, certification, and any future settlement. Treat any “settlement payment” outreach you receive in 2026 as suspect until you can verify it against a published case caption and a court-approved settlement website.

What to do

  • Read the letter carefully. It identifies which specific data elements were exposed for you and how to enroll in the complimentary credit monitoring and identity-theft protection West Texas Health is offering for individuals with SSN exposure.
  • Freeze your credit with Equifax, Experian, and TransUnion. It is free, takes about ten minutes per bureau, and is the most effective single step against new-account fraud given the SSN, driver’s-license, and passport exposure here.
  • Request an IRS Identity Protection PIN at irs.gov if yours was exposed (or rotate it through the IRS process). This is the single most important step for individuals whose IP PIN was in scope.
  • Rotate any reused passwords, especially the one tied to your Privia patient-portal login or any portal that shared a password with it. Turn on multi-factor authentication on email, bank, and benefits accounts. Credential reuse is the most predictable downstream harm here.
  • Watch your Explanations of Benefits for unfamiliar claims and request a one-time medical-records audit from your providers if anything looks off. Medical-identity misuse is a real risk where diagnosis, treatment, and insurance data are exposed.
  • Stop the ongoing flow of your healthcare data. HealthConsent files HIPAA restriction requests so the demographic, diagnosis, and insurance data exposed in this breach is not continuously re-shared by downstream entities.

Sources

Stop your data from spreading further

Credit monitoring covers your wallet. HealthConsent covers your health records.

Your stolen diagnoses, test results, and medical record numbers don’t expire when the free credit-monitoring window ends. HealthConsent automates HIPAA restriction requests and opt-outs across providers, insurers, HIEs, and prescription networks so the data taken in this breach can’t keep being shared and sold by other entities downstream.

Protect my health data

Cancel anytime · Family plan covers spouses + dependents

About this page

This page is compiled from public regulatory filings, the breached entity’s own disclosures, and reporting from established healthcare-privacy outlets. Some sections are assembled with the help of automated research and may contain errors, summaries that lag the underlying source, or details that have since been revised. Treat it as a starting point, not legal advice or an authoritative record. If you spot something inaccurate, the linked sources above are the canonical record. For questions about your individual situation, contact the breached entity directly or consult a licensed attorney.