Back to news
Cybersecurity Alert
July 13, 2026 by EmailMeNow IT Consulting

Was Texas Tech University Health Sciences Center Breached? We Scanned Their Domain Security

TTUHSC’s Texas OAG filing lists 738,506 Texans after a September 2024 cybersecurity event tied to Interlock ransomware claims. Audits score ttuhsc.edu at 44% and ttu.edu at 34% — far below the 100% ideal.

Source: Texas OAG · HHS OCR · BleepingComputer

NewsData BreachTexasHealthcareHigher EducationRansomwareCybersecurity
Texas Tech University Health Sciences Center patient data breach cybersecurity illustration

Yes — Texas Tech University Health Sciences Center (TTUHSC) disclosed a major data security incident reported on the Texas Attorney General portal on April 27, 2026, listing 738,506 Texans affected. Combined HSC / El Paso filings to HHS OCR have put nationwide exposure near 1.4 million individuals.

The investigation traces unauthorized access and file removal to roughly September 17–29, 2024. The Interlock ransomware group publicly claimed responsibility and advertised multi-terabyte exfiltration. Consumer notices circulated around April 9, 2026, with IDX monitoring offered in many letters.

We scanned ttuhsc.edu and parent academic domain ttu.edu on July 13, 2026 against the 100% ideal domain security score.

What Happened

FieldDetail
EntityTexas Tech University Health Sciences Center
SectorAcademic medical center / higher education
Intrusion windowSep 17 – Sep 29, 2024
Texans (OAG)738,506
Data types (OAG)Names; address; SSN; DL/gov ID; financial; medical; health insurance; DOB
NoticeWebsite, U.S. Mail, Texas-wide media
Claimed actorInterlock ransomware (public reporting)

Timeline highlights from TTUHSC notices and state/federal filings:

  • Sep 2024 — Systems disruption; investigation confirms unauthorized access/exfiltration.
  • Late 2024 — HHS OCR breach reports for HSC and El Paso (~1.46M combined in earlier tallies).
  • Jan 24, 2025 — File-level review milestones cited in legal summaries.
  • Apr 9–27, 2026 — Consumer notices and Texas OAG publication.

Illustration: academic medical center ransomware disrupting clinical systems and exposing patient records

Independent Cybersecurity Audit

DomainOverallIdentityTransportWebsiteRisk vs 100% ideal
ttuhsc.edu44%25%15%45%Below Average
ttu.edu34%0%15%45%Weak

Key findings:

  • 44% / 34% overall — nowhere near the 100% ideal for a health-sciences estate holding SSNs and PHI.
  • ttu.edu at 0% Identity — spoofed @ttu.edu financial-aid, payroll, or “IDX enrollment” phishing is an acute post-breach risk.
  • 15% Transport on both domains — inbound clinical and student mail can still be downgraded without MTA-STS enforce.
  • 100% Email Infrastructure shows hosting is fine; policy enforcement is not.

Illustration: ttuhsc.edu and ttu.edu audit gauges showing identity and transport far below 100%

Audit links: ttuhsc.edu · ttu.edu

Priority Actions

If you received a TTUHSC notice: Enroll in monitoring only via the letter’s official instructions. Treat any unexpected “verify IDX / medical portal” email as suspect.

For academic medical IT: Enforce DMARC reject on HSC and parent .edu domains; deploy MTA-STS enforce; segment clinical identity from marketing senders.


audit.emailmenow.com · Contact

Sources: Texas OAG breach reports · BleepingComputer — TTU System breach · TTUHSC El Paso notice · EmailMeNow audits