PHI of 6,600 Texans accessible on Internet for up to 8 years

A state agency in Texas may have accidentally left medical data for more than 6,600 Medicaid recipients accessible on the Internet for up to eight years, according to an American-Statesman report.

In a notification letter to affected individuals, the Texas Department of Aging and Disability Services indicated a web application intended for internal use only was accessible on the Internet.

The application contained patient information including names, residences, addresses, birth dates, Social Security numbers, Medicaid numbers, medical diagnoses and treatment information.

DADS learned of the data breach on April 21, 2015, and immediately took down the website and launched an investigation, according to the notification letter.

Currently, the agency reports having no reason to believe any information has been misused.

Cecilia Cavuto, a spokeswoman for DADS, told the American-Statesman the patient data may have been unintentionally posted online when data handling responsibilities were transferred between departments. Ms. Cavuto said human error is the likely cause of the breach.

"I don't think we have the answer to what exactly caused this breach just yet," Ms. Cavuto told the American-Statesman. "It looks like the application was developed without the appropriate security. It was supposed to be an internal application, which points to human error."

According to the notification letter, DADS has strengthened its policies, procedures and web-application security.


© Copyright ASC COMMUNICATIONS 2019.