On February 2, 2026, Empowerment Schools – Healthcare Ltd and Texas Medical Careers, Limited, doing business as The College of Health Care Professions (CHCP), reported to the Texas Attorney General that a data breach may have compromised the protected health information (PHI) of 68,825 individuals.
What happened
According to the Attorney General of Texas, an unauthorized third party may have accessed sensitive personally identifiable information stored within the CHCP systems.
As of February 27, 2026, CHCP has not publicly released detailed information about the incident, including when the breach occurred or how attackers gained access. However, the potentially exposed information varies by individual and may include highly sensitive personal and medical data. The exposed data could include names, Social Security numbers, addresses, dates of birth, driver’s license numbers, government-issued identification numbers, financial information such as bank or card numbers, as well as medical and health insurance information. CHCP has since begun notifying the 68,825 potentially affected individuals.
In the know
The “False Confidence” paradox in healthcare IT is the gap between perceived security and actual technical vulnerabilities. While 92% of healthcare IT leaders report confidence in preventing breaches, much of this stems from a “checkbox” approach to compliance. Many assume that using platforms like Microsoft 365 or Google Workspace automatically maintains protection, yet audits reveal mismanaged DMARC settings, permissive or missing SPF records, and silent failures that can expose sensitive data.
Furthermore, 86% of IT leaders admit that security tools create workflow friction, and 41% of providers report their teams bypassed secure messaging to maintain productivity. Budgeting and visibility issues further compound risk since most healthcare organizations spend only 6 - 10% of their IT budgets on cybersecurity.
Learn more:
Why it matters
When institutions like CHCP store personal identifiers with medical and insurance data, one breach can have severe consequences for affected individuals. To avoid this, these institutions must improve their cybersecurity protections and implement HIPAA compliant solutions, like Paubox, to prevent potential data breaches.
These solutions use advanced encryption to safeguard PHI during transmission and at rest. It also includes features such as email archiving and data loss prevention to further enhance security measures. Ultimately, institutions using these technologies can better protect sensitive information and maintain patient trust.
Go deeper: HIPAA Compliant Email: The Definitive Guide (2026 Update)
FAQs
What is a data breach?
A breach occurs when an unauthorized party gains access to, uses, or discloses protected health information (PHI) without permission. Examples of breaches include hacking, losing a device containing PHI, or sharing information with unauthorized individuals.
What should individuals do if their data has been compromised?
If individuals suspect their data has been compromised, they must monitor their accounts for suspicious activity and report any unauthorized transactions immediately.
What are the penalties for violating HIPAA?
As of March 2025, HIPAA violations incur fines from $141 to $2,134,831 per violation, depending on culpability. Tier 1 penalties apply to unintentional violations ($141–$35,581), while Tier 2 covers breaches due to reasonable cause ($1,424–$71,162). Tier 3 applies to willful neglect corrected within 30 days ($14,232–$71,162), and Tier 4 penalizes uncorrected willful neglect with the highest fines ($71,162–$2,134,831).
These fines adjust annually for inflation, and severe cases may result in criminal charges, reputational harm, and mandatory corrective actions.
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
