Privacy & Security

State agency HIPAA security gaffe puts patient data on the Internet

Social Security numbers and PHI compromised
By Erin McCann
June 12, 2015
10:43 AM

A Texas state agency has come forward to notify its Medicaid recipients that due to security shortfalls, their Social Security numbers and protected health information became accessible on the Internet.

The Texas Department of Aging and Disability Services, a state agency responsible for administering support and services for the aging individuals and people with disabilities, announced June 11 a data breach following the "unintentional release" of personal data. The breach impacted 6,600 of its Medicaid recipients, state officials said, including the compromise of their names, dates of birth, addresses, Social Security numbers, Medicaid numbers and clinical diagnoses and treatment information.

[See also: Health system sees 7th HIPAA data breach.]

According to the agency notice, the department was notified that patient information was available via the Internet April 21, 2015. Officials provided no additional details on the incident. As of publication time, they had not responded to Healthcare IT News' inquiries around details of what occurred and whether a third-party vendor was involved.

In the notice, there were no apologies issued from department officials over the incident, but they did indicate they had "strengthened" Web-app security and policies "in an effort to prevent such a breach from occurring again."

To date, nearly 135 million people have had their protected health information compromised in reportable HIPAA breaches, according to data from the Office for Civil Rights, the HHS division responsible for enforcing HIPAA. In this tally, only HIPAA breaches involving 500 or more individuals are counted.

[See also: HIPAA breaches: The list keeps growing and 6 biggest HIPAA breach fines.]

In Texas, specifically, since the HIPAA breach notification rule went into effect in 2009, nearly 3.6 million people have had their protected health information compromised. One of the biggest HIPAA violators in the state has been the University of Texas MD Anderson Cancer Center, with officials reporting three HIPAA breaches since 2012, impacting nearly 35,000 individuals.

The HealthTexas Provider Network, which is affiliated with Baylor Scott & White Health, has also reported three HIPAA breaches since 2011, including a case of hacking, unauthorized access and theft of an unencrypted laptop.

Topics: 
Privacy & Security

More regional news

VA building signage

House passes veterans healthcare package without RESET Act

By
Andrea Fox
November 21, 2024
David Miles of Oklahoma Heart Hospital

Deep dive: A tour of all-digital Oklahoma Heart Hospital, where automation is the norm

By
Bill Siwicki
November 21, 2024
Healthcare workers looking at X-ray images on monitors

Streamlining healthcare operations with multicloud-by-design

November 21, 2024
Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.

Top Story

VA building signage
House passes veterans healthcare package without RESET Act

Most Read

Particle Health files antitrust suit against Epic
Choosing a managed IT service for aged care
ASTP intros 2024 draft Federal FHIR Action Plan
CrowdStrike all but assures Capitol Hill: Never again
Korea's largest hospital bags APAC's first Stage 6 of new INFRAM
Sens. Warner & Wyden seek healthcare cybersecurity mandates in new bill

Research

White Papers

More Whitepapers

Patient Engagement
Patient Engagement
Financial/Revenue Cycle Management

Webinars

More Webinars

Imaging
Interoperability
Artificial Intelligence

Video

David Miles at Oklahoma Heart Hospital_Part 1_Doctor holding health icon Photo by Tippapatt/iStock/Getty Images Plus
The CIO of an all-digital hospital walks readers through its successes
Dr Alice Sutedjo Lisa at SMC Telogorejo Hospital_HIMSS24 APAC
Assisting the elderly in digital care
Dr. Benoit Desjardins of the University of Montreal
Cyberattacks are becoming more widespread, and more disruptive
George Pappas at Intraprise Health_Digital shield and lock Photo by da-kuk/Getty Images
Tighter cyber mandates hold New York providers to higher security standards

More Stories

BJ Schaknowski of symplr
Too many IT systems with limited alignment impacts care quality
Doctor in scrubs using computer
Tenet to deploy AI platform across its physician network
Healthcare CIO with other healthcare executives
Health system CIOs' strategic responsibilities continue to evolve
George Pappas at Intraprise Health_Digital shield and lock Photo by da-kuk/Getty Images
Tighter cyber mandates hold New York providers to higher security standards
Clinicians look at diagnostic imaging
American College of Radiology launches AI quality registry
A doctor with glasses sits at a desk and speaks during a telehealth visit.
DEA and HHS extend virtual prescribing for controlled substances through 2025
Dr. Jay Anders at Medicomp Systems_Computer chip with stethoscope Photo by Just_Super/iStock/Getty Images Plus
Transparency and responsible AI are crucial for medical devices
George Pappas of Intraprise Health on cybersecurity
How to protect telemedicine from cyberattacks