IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.
News

Public Health Records Exposed in Denton County, Texas, Breach

Hundreds of thousands of public health records, including COVID-19 vaccination details, were exposed in a data breach that was linked to an app that is used at Denton County vaccine clinics, officials say.

August 31, 2021 • 
Maggie Prosser, The Dallas Morning News
Data breach
(TNS) — Hundreds of thousands of public health records, including COVID-19 vaccination details, were exposed in a data breach that was linked to an app that is used at Denton County vaccine clinics, officials say.

A malfunction in the third-party software revealed contact and identifying information, as well as COVID-19 vaccination types and appointment dates and times, on the internet, officials said in a written notification that was sent to people who were affected.

The county learned of the breach in early July and discontinued use of the app at vaccine clinics until the malfunction was resolved. The county said it has resumed using the app.

It is unclear how many people were affected, but 1,286,106 records were exposed, according to a report from UpGuard Research, a cybersecurity firm that first notified Microsoft of the problem. However, Denton County said Monday evening that the actual number of records involved, after duplicates were eliminated, was 326,415.

In the notification, the county said it was not aware of any instances that the information was “misused,” but it advised anyone whose information was affected to be vigilant against fraudulent activity.

“There is no indication that this vulnerability was exploited, nor is there evidence that any data has been misused,” a county spokeswoman said.

The malfunction in the app, which was operated by Microsoft, was responsible for revealing 38 million records from 47 entities that use the software, UpGuard Research said.

Governmental agencies in Indiana, Maryland and New York and private businesses including Ford, American Airlines and J.B. Hunt were also affected. The unsecured data from companies included employee contact information, drug testing information and Social Security numbers.

Denton County said it never collected Social Security or driver’s license numbers or financial account information.

UpGuard Research said in a written statement that it notified Denton County officials of the breach July 7 and that the data was secured the same day.

Microsoft said in a written statement that it takes “security and privacy seriously” and encouraged its users to “use best practices” for internet privacy.

© 2021 The Dallas Morning News. Distributed by Tribune Content Agency, LLC.

Tags:

Cybersecurity
gov-footer-logo-2024.png
gt-footer-logo.png
ii-footer-logo.png
nav-footer-logo.png
cdg-footer-logo.png
cde-footer-logo.png
em-footer-logo.png