Helpful Articles

Console & Associates, P.C.: Harris Center Data Breach Compromises Data of 600k Individuals

Reports have come in that the Harris Center for Mental Health and IDD (“the Harris Center”) experienced a major data breach related to the MOVEit file transfer tool. The breach occurred late in May 2023, and the company learned of it roughly a month later. Since then, an internal Harris Center data breach investigation has revealed the scope and severity of the breach. Some 600k people have been affected, and the compromised data includes names, Social Security numbers, and various types of sensitive health information.

Since August 17th, 2023, the Harris Center has been sending out letters to victims of the breach. If you receive such a letter, read it closely and then follow the relevant steps in our Guide for Victims of Data Breaches. After you’ve taken steps to protect your identity, call us at 866-778-5500 or send us an email to to schedule a free consultation. We can examine your case and counsel you on whether a Harris Center data breach lawsuit might be the right option for you.

To learn more about the Harris Center data breach, read our blog post here:

What Caused the Data Breach Affecting Harris Center Patients?

Currently, the main source of information on the Harris Center data breach is the company’s own reports. According to the company’s filings with the U.S. Department of Health and Human Services Office for Civil Rights, its own systems were not compromised. Instead, one of its vendors uses the popular MOVEit file transfer tool from Progress Software. A day-zero vulnerability in this tool resulted in ransomware group Clop being able to steal vast quantities of sensitive data before the vulnerability could be sealed.

The Harris Center did not learn that unauthorized parties had accessed its own files until June 30th. One and a half months later, the vendor and company could conclusively say that the hackers had stolen many sensitive documents. This impacted 600k people and included the following types of information:

?      Name

?      Social Security number

?      Address

?      date of birth

?      Health insurance information

?      Protected health information

Not all people were impacted by the leaks equally. Some people will have only lost certain types of information, which the Harris Center will clarify in your data breach notification letter. The main risk of the leaks is the stolen SSNs, as your SSN stays with you for life. Combined with your name, someone can use it to open lines of credit, bank accounts, and more. This can ruin your credit, saddle you with debt, and send you chasing down illegitimate transactions in your name. However, stolen health information may also be problematic. Depending on the nature of the information, people may be able to use it to receive medical treatment under your name.

More Information About Harris Center for Mental Health and IDD

The Harris Center for Mental Health and IDD is a Texas-based healthcare provider that treats behavioral and developmental disabilities. The company has more than 80 locations, 2,000 employees, and an annual revenue of roughly $275 million. If our Harris Center data breach investigation reveals a failure to secure data adequately, then you might be entitled to compensation.

A Harris Center data breach lawsuit could award you with several types of economic and non-economic damages. This could include compensation for the damages you suffer from identity theft, as well as the time you lose dealing with the fallout. On the other hand, non-economic damages cover your emotional distress, anxiety, and suffering related to the danger of identity theft.

You can learn more by calling us at 866-778-5500 or send us an email to Our Harris Center data breach lawyers are ready to answer all of your questions. If we help you go to court, you’ll only pay if you win.

About the Author
Richard Console
Posted - 08/26/2023