Harris County officials had few details to add Thursday morning about the investigation into a recent ransomware attack on the county’s provider for mental health services, saying cybersecurity experts had recommended they not share information.
“As mentioned … we are not able to share further information,” said Nicole Lievsay, a spokeswoman for the Harris Center for Mental Health and IDD. “When we are able, we will share what is available.”
Late Wednesday, officials with the center said it had been the target of a ransomware attack Tuesday and that some employee files had become inaccessible because of encryption.
Investigators were working to determine if any data was compromised in the attack, officials said.
Technology professionals with the center preemptively shut down the network during the attack to prevent its spread, officials said. As a result, some staff have had limited access to their files and there have been delays with patient care.
Center administrators were working with their teams and third-party security response specialists to restore full functionality, officials said. Officials reported the attack to law enforcement but cybersecurity officials recommended not to share more information.
That’s all we know at this time. I can’t speak to the matter of Harris Center’s operations, but the potential exposure of patient data would be the main concern. KUHF notes that a bunch of mental health patient data was exposed a few months ago thanks to the MOVEit attack, which did not affect Harris Center directly but got their data via one of their business partners. Hopefully that won’t be the case this time, but we’ll just have to wait and see.