Denton County, Texas, vaccine clinics began notifying 326,417 patients their data had been exposed in a data breach linked to an app, according to an Aug. 31 Government Technology report.
Six things to know:
- The malfunction in the app, which was operated by Microsoft, revealed patient records on the internet, including the protected health information of patients who received their vaccines at one of the clinics. The county has sent notification letters to patients who have been affected by the breach.
- The county learned about the breach July 7 and temporarily stopped using the app until the vulnerability was patched. The county has resumed using the app.
- The notification letter said there isn't any known instance of the information being exploited or misused, according to the report.
- The data breach is part of a larger data breach that exposed 38 million records over thousands of apps. Government agencies in Indiana, Maryland and New York, as well as private businesses, have been affected.
- The exposed data was stored in Microsoft's Power Apps portal service, a development platform that companies can use to make mobile apps for external use. Microsoft said in a written statement that it takes "security and privacy seriously" and encouraged its users to "use best practices" for internet privacy, according to the report.
- Exposed data includes contact information, drug testing information, COVID-19-related vaccine data and more. Denton County said it did not collect patients' Social Security numbers, financial account information or driver's license numbers.