Travis County Health and Human Services
Breach Analysis

• 2024-08-19

  Unauthorized access via contractor credential detected
• 2024-08-22

  Contractor access suspended; forensic review initiated
• 2024-09-30

  Scope confirmed: 37,000 benefits recipients affected
• 2024-10-15

  Notifications sent; Texas AG notice filed

How they got in

Contractor employee credential compromised via phishing. Contractor had broader-than-necessary access to benefits management system. Threat actor exfiltrated Medicaid and benefits eligibility records over a 72-hour window before detection.

Sentinel / Fortress / Command coverage

Sentinel ($89/ep/mo) — 24/7 SOC + SIEM. Fortress ($109/ep/mo) — Sentinel + EDR management + vulnerability management. Command ($129/ep/mo) — Fortress + vCISO + compliance mapping + IR plan. See full tier comparison →

Regulatory exposure

5-point hardening list

• 1
  Contractor access: scope to minimum required data; time-limited sessions; no persistent credentials
• 2
  Business associate agreements: execute BAA with all contractors handling PHI; include breach notification obligations
• 3
  DLP rules: block bulk export of benefits/Medicaid records exceeding operational threshold
• 4
  Contractor account monitoring: audit log all access; alert on anomalous query volume or off-hours activity
• 5
  Quarterly contractor access review: verify active engagement justifies access level; revoke dormant accounts within 30 days

• → Texas AG Breach Notices
• → DataBreaches.net

CoreRecon cites verifiable public sources only. No speculation on unverified attribution is published. Threat actor attribution appears only where publicly confirmed by law enforcement or the organization.