Texas Cybersecurity Incidents: Notable Breaches & Ransomware Attacks

A detailed timeline of major cybersecurity incidents in Texas, from healthcare breaches to ransomware attacks on city governments, and what businesses can learn from them.

Texas is the second-largest state in the U.S. by both population and economic output, which makes it one of the most targeted states for cyberattacks. From the oil fields of the Permian Basin to the sprawling hospitals of the Texas Medical Center in Houston, organizations across every sector face persistent threats from ransomware gangs, nation-state actors, and financially motivated cybercriminals. The sheer volume of sensitive data flowing through Texas industries creates a target-rich environment that attackers exploit year after year.

Understanding the history of Texas cyber threats is not an academic exercise. Each incident in the timeline below carries practical lessons about weak points that still exist in many Texas organizations today. Whether you operate a small energy services firm in Midland or a regional hospital network in San Antonio, these cases reveal patterns that should inform your security strategy going forward.

Major Cyber Incidents in Texas: A Timeline

2014 — Community Health Systems Breach

Community Health Systems, which operated multiple hospitals across Texas, disclosed a breach affecting 4.5 million patient records nationwide. The attack, attributed to a Chinese advanced persistent threat group known as APT18, exploited a vulnerability in the company's Juniper VPN devices. Stolen data included names, Social Security numbers, addresses, and dates of birth. The incident underscored the vulnerability of healthcare networks that rely on unpatched perimeter devices.

2019 — Coordinated Ransomware Attack on 23 Texas Towns

In August 2019, a coordinated ransomware attack struck 23 local government entities across Texas in a single campaign. The Texas Department of Information Resources (DIR) attributed the attack to a single threat actor who exploited shared managed service provider access. Affected towns lost access to critical services including utility billing and public records. The state activated its emergency management resources and deployed incident response teams to assist. None of the affected entities paid the ransom, and the incident became a case study in the risks of shared MSP credentials and the importance of network segmentation.

2021 — Texas Health Resources Phishing Compromise

Texas Health Resources, one of the largest faith-based nonprofit health systems in the country, disclosed that a phishing attack compromised employee email accounts containing protected health information. The breach affected approximately 3,500 patients, exposing medical records, insurance details, and in some cases Social Security numbers. The organization implemented additional email filtering and mandatory phishing awareness training in response.

2022 — Shields Health Care Group (Texas Imaging Centers)

Shields Health Care Group, which provides MRI and imaging services to Texas facilities among others, reported a breach affecting roughly 2 million individuals across its partner locations. Attackers gained access to internal systems for approximately two weeks before detection, exfiltrating patient names, Social Security numbers, diagnoses, and billing information. Several Texas imaging centers were among the affected locations, highlighting supply-chain risk in healthcare IT security.

2023 — City of Dallas Ransomware Attack

In May 2023, the Royal ransomware group attacked the City of Dallas, disrupting municipal services for weeks. The attack knocked out the Dallas Police Department's computer-aided dispatch system, forced courts to cancel hearings, and took down the city's public-facing websites. Dallas ultimately spent over $8.5 million on recovery and remediation. Investigators determined that attackers had been inside the network for approximately a month before deploying ransomware, initially gaining access through a compromised service account. The incident remains one of the most expensive municipal cyberattacks in U.S. history.

2023 — Texas Courts System Data Exposure

The Office of Court Administration for Texas experienced a data incident in 2023 that exposed case management records and personal information associated with court filings. While the full scope was not publicly quantified, the incident affected judicial operations across multiple counties and prompted the state to accelerate modernization of its court IT infrastructure.

2024 — University of Texas System Phishing Campaign

In early 2024, a sophisticated phishing campaign targeted multiple campuses within the University of Texas System, compromising faculty and staff email accounts. The attackers used the compromised accounts to redirect payroll deposits and access research data. The incident affected UT Austin, UT Dallas, and UT Health San Antonio, prompting a system-wide mandatory rollout of phishing-resistant multi-factor authentication.

Texas Data Breach Notification Law

Texas businesses that experience a data breach must comply with the Texas Identity Theft Enforcement and Protection Act (TITEPA), codified in Texas Business and Commerce Code Chapter 521. Under HB 4390, which updated the law in 2019, organizations must notify affected individuals within 60 days of discovering a breach. If the breach affects 250 or more Texas residents, the organization must also notify the Texas Attorney General. Notification must include a description of the incident, the type of data compromised, and steps individuals can take to protect themselves.

Penalties for noncompliance can reach $250,000 per violation, and the Texas Attorney General has enforcement authority. Unlike some states, Texas does not provide a private right of action under TITEPA, but businesses may still face civil lawsuits under other statutes or common law. For a full breakdown of these requirements, see our guide to Texas cybersecurity compliance requirements.

Which Texas Industries Are Most Targeted?

Energy and Oil & Gas

Texas produces roughly 43% of U.S. crude oil and 26% of natural gas. Energy companies are high-value targets for both financially motivated criminals and nation-state actors seeking to disrupt critical infrastructure. Operational technology (OT) systems in refineries and pipelines present unique attack surfaces that differ from traditional IT environments.

Healthcare

The Texas Medical Center in Houston is the world's largest medical complex, employing over 106,000 people across more than 60 institutions. Healthcare data commands premium prices on dark web markets, and hospitals face intense pressure to pay ransoms because downtime directly threatens patient safety. Organizations should explore healthcare IT security strategies tailored to clinical environments.

Defense Contractors

Texas hosts major defense installations including Fort Cavazos, Joint Base San Antonio, and NASA's Johnson Space Center, along with hundreds of defense contractors. These organizations face nation-state threats, particularly from Chinese and Russian cyber espionage groups targeting controlled unclassified information (CUI) and classified programs.

State and Local Government

As the 2019 coordinated attack on 23 Texas towns demonstrated, local governments often operate with limited IT budgets and rely on shared service providers. Municipal systems managing water treatment, power grids, and emergency services are especially attractive targets.

What Texas Businesses Must Do After a Breach

If your Texas organization experiences a data breach, the following steps are required or strongly recommended under state law:

  • Contain the breach immediately — isolate affected systems, revoke compromised credentials, and preserve forensic evidence for investigation

  • Conduct a thorough investigation — determine what data was accessed, how the attacker gained entry, and whether the breach is ongoing

  • Notify affected individuals within 60 days — include a description of the incident, the categories of data exposed, and recommended protective actions

  • Notify the Texas Attorney General if 250 or more residents are affected, using the AG's online reporting portal

  • Notify credit reporting agencies if more than 10,000 individuals are affected at one time

  • Document everything — maintain records of the breach, your response timeline, and all notifications for potential regulatory review

  • Engage legal counsel familiar with Texas data breach law to ensure compliance with TITEPA and any applicable federal regulations like HIPAA or CMMC

How to Protect Your Texas Business Before an Incident

Prevention is always less expensive than incident response. Texas businesses should build cybersecurity programs that account for the state's specific threat landscape, which includes nation-state interest in energy and defense, high-value healthcare data, and the reality that many midmarket firms lack dedicated security teams.

  • Implement multi-factor authentication across all remote access points, email systems, and privileged accounts — phishing remains the top initial access vector in Texas breaches

  • Conduct regular vulnerability assessments with attention to OT systems if you operate in energy or manufacturing sectors

  • Establish and test an incident response plan at least annually, including tabletop exercises that simulate ransomware scenarios

  • Train employees on phishing recognition — the UT System and Texas Health Resources breaches both originated from phishing

  • Segment your network so that a compromise in one area cannot spread laterally to critical systems, as happened in the 2019 municipal attacks

  • Maintain offline backups that are tested regularly for restoration — this is the single most effective defense against ransomware extortion

Many Texas businesses partner with managed IT services providers or managed security services firms to maintain continuous monitoring and response capabilities without building a full in-house security operations center.

Frequently Asked Questions

How quickly must a Texas business report a data breach?

Under TITEPA and the amendments introduced by HB 4390, Texas businesses must notify affected individuals within 60 days of determining that a breach has occurred. If 250 or more Texas residents are affected, the business must also file a report with the Texas Attorney General within that same 60-day window.

What are the penalties for failing to report a breach in Texas?

The Texas Attorney General can impose civil penalties of up to $250,000 per violation for failure to comply with breach notification requirements. Additionally, the AG can pursue injunctive relief and recover legal costs. While TITEPA does not create a private right of action, affected individuals may pursue claims under other Texas statutes or common law theories.

Was the City of Dallas ransomware attack the largest municipal breach in Texas?

In terms of financial impact, the 2023 City of Dallas attack is the most expensive single municipal cyber incident in Texas history, with recovery costs exceeding $8.5 million. However, the 2019 coordinated attack on 23 Texas towns affected more individual government entities in a single campaign, making it the broadest municipal cyber incident in the state.

Which sectors in Texas experience the most data breaches?

Healthcare and government entities account for the largest share of reported Texas data breaches, driven by mandatory reporting requirements under HIPAA and state law. However, the energy sector, defense contractors, and financial services also experience significant incidents that may not always be publicly disclosed due to different reporting frameworks. Reviewing the Texas cyber threat landscape can help contextualize industry-specific risks.

Does Texas have a state-level cybersecurity agency?

Yes. The Texas Department of Information Resources (DIR) serves as the state's lead agency for cybersecurity. DIR operates the Texas Cybersecurity Framework, provides incident response support to state agencies and local governments, and publishes annual reports on the state of cybersecurity across Texas government entities. DIR also played a central coordination role during the 2019 ransomware attack on 23 Texas towns.

Alex Morgan

Updated Apr 4, 2026 · 8 min read