Call +1 (979) 282-5845
Back to news
Cybersecurity Alert
June 2, 2026 by EmailMeNow IT Consulting

HHS Wall of Shame: Texas Healthcare Breaches in 2026

Texas healthcare organizations continue to appear in the HHS breach portal. We track 2026 incidents affecting patients and show how email security gaps contribute to the risk.

HealthcareHIPAAData BreachTexasMedicalPatient Data
Illustration of healthcare data breaches affecting Texas patients in 2026

Healthcare remains one of the most-breached sectors, and Texas organizations appear regularly in the HHS Office for Civil Rights (OCR) breach portal for incidents affecting 500 or more individuals. Texas was among the most-breached states in early 2026, and nationally, March 2026 alone saw 66 reported breaches affecting more than 8.74 million individuals.

Recent Texas Healthcare Breaches (2026)

OrganizationIndividuals AffectedTypePeriod
Conduent Business Solutions25,000,000+ (multiple states, incl. Texas)Hacking / IT incident2026
Nacogdoches Memorial Hospital2,507,073Hacking incidentMarch 2026
North Texas Behavioral Health Authority285,086Hacking incidentMarch 2026
Barrio Comprehensive Family Health Care Center19,971Unauthorized access to the email systemMarch 2026

Figures from public breach reporting; see sources below. Counts and entries change as OCR updates the portal.

Also in the Texas OAG Breach Database

The Texas Attorney General’s breach database lists additional Texas healthcare and dental providers:

ProviderCityTexans AffectedDate Published
Texas Centers for Infectious Disease AssociatesFort Worth19,21307/01/2025
Pecan Tree Dental, PLLCGrand Prairie13,30001/30/2026
PET Imaging of Dallas NortheastGarland1,87507/17/2025
Dallas County MHMR (Metrocare Services)Dallas54204/11/2025
Winkler County Hospital DistrictKermit53306/18/2025
Legent Health (PSN Group, LLC)Plano46907/01/2025
C&C Dental Family, PLLCTyler42110/21/2025

Why Email Security Matters Here

Many healthcare breaches begin with phishing or compromised email — as in the Barrio Comprehensive Family Health Care Center incident above, which stemmed from unauthorized access to the email system. The HIPAA Security Rule requires a documented risk analysis and safeguards for ePHI in transit — areas our audit scores directly.

Check any practice’s posture at audit.emailmenow.com/?industry=healthcare-practices.

Recommendations for Practices

  • Enforce DMARC, strict SPF, and DKIM; add MTA-STS and security headers.
  • Complete and document a HIPAA security risk analysis.
  • Train staff and oversee Business Associate vendors.

Protect your patients. Contact EmailMeNow IT Consulting for HIPAA documentation and email security hardening.

Sources: Texas OAG — Data Security Breach Reports · HHS OCR Breach Portal · March 2026 Healthcare Data Breach Report — HIPAA Journal