Baylor Genetics Notifies Patients of Data Security Incident
Effective Date: August 14, 2020
Baylor Genetics is committed to maintaining the privacy and security of information. Baylor Genetics recently notified individuals of a data security incident involving access to certain employee email accounts by an unauthorized third-party.
Upon learning of this issue, Baylor Genetics promptly disabled access to the impacted email accounts and required mandatory password resets to prevent further access by unauthorized parties. Baylor Genetics immediately commenced a prompt and thorough investigation, working closely with external cybersecurity professionals. After an extensive forensic investigation and comprehensive and time-consuming manual document review, we discovered on July 16, 2020 that one or more of the email accounts accessed between September 24, 2019 and November 14, 2019 contained identifiable personal and/or protected health information. Baylor Genetics has no evidence to suggest that any data is misused or otherwise in the possession of someone it should not be. However, out of an abundance of caution, we are issuing notices to anyone whose information may have been contained in the accessed accounts.
The accessed email accounts contained the personal and protected health information of certain patients, including their names, dates of birth, test orders, patient account numbers unique to Baylor Genetics, and, in a very limited number of cases, Social Security numbers, financial account information, driver’s license numbers, and passport numbers. Test results were not contained in the impacted email accounts. This incident does not affect all patients of Baylor Genetics.