West Texas Oral Facial Surgery has confirmed that it was the target of a ransomware attack on May 29, 2025. The group INC RANSOM took credit for the breach weeks later, publicly posting about it on the dark web on June 18. The incident led to unauthorized access and extraction of sensitive personal and medical data, resulting in network disruptions at the clinic.
According to an internal investigation, the stolen data includes names, Social Security numbers, medical imaging, dates of birth (in limited cases), and reasons for treatment. The breach was reported to the Texas Attorney General on August 4 and to the U.S. Department of Health and Human Services on August 2, with a total of 11,151 individuals affected.
The data breach appears to have been limited in scale but included highly sensitive health and identity-related information. The attack disrupted the clinic’s operations and has triggered regulatory reporting at both the state and federal levels. Affected individuals have begun receiving written notifications, and the clinic has established a call center to field questions and provide support.
While the clinic has not identified any misuse of patient information so far, it is advising patients to monitor their accounts and credit reports closely. The identity of the attackers has not been independently verified, but the timeline aligns with similar tactics seen in previous INC RANSOM campaigns.
West Texas Oral Facial Surgery has stated that it took immediate steps to contain the breach and investigate the incident. In its public notice, the clinic stated that it is unaware of any actual misuse of the compromised data. A dedicated support line is available for concerned patients.
The company has not stated whether a ransom was paid, and law enforcement involvement has not been publicly confirmed.
INC RANSOM is a cybercriminal group known for ransomware attacks against healthcare and education sectors. They often use double extortion tactics, stealing data before encrypting systems and threatening to publish stolen data if a ransom isn't paid.
Medical imaging files may contain embedded personal data such as patient names, birthdates, and diagnostic details. If accessed, these files can be misused for identity theft or unauthorized medical profiling.
If you notice any unfamiliar activity involving your insurance, medical bills, or credit, report it immediately to your healthcare provider, credit bureaus, and the Federal Trade Commission. Consider placing a fraud alert or credit freeze.
Healthcare providers must report data breaches affecting more than 500 individuals to the U.S. Department of Health and Human Services under HIPAA. State laws like Texas’ require notification to the Attorney General when resident data is involved.
Yes. Affected individuals may be eligible to join lawsuits or take independent legal action if they experience harm or damages resulting from the breach, such as identity theft or medical fraud.