IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Data Breach Costs Texas Health Agency $1.6 Million

The federal government has slapped the Texas Health and Human Services Commission with a $1.6 million fine for a data breach that made the personal health information of 6,617 people available online.

(TNS) — The federal government announced Thursday that it has slapped the Texas Health and Human Services Commission with a $1.6 million fine for a data breach that made the personal health information of 6,617 people available online.

The inadvertent release of names, addresses, Social Security numbers and treatment information between 2013 and 2017 violated federal health privacy laws, resulting in the fine, said officials with the Office for Civil Rights at the U.S. Department of Health and Human Services.

"No one should have to worry about their private health information being discoverable through a Google search," said Roger Severino, director of the Office for Civil Rights.

According to the federal agency, the information was held by the Texas Department of Aging and Disability Services, which provided long-term care for elderly Texans and those with physical and intellectual disabilities before it was reorganized into the Health and Human Services Commission in 2017.

The breach occurred when an internal application was moved from a private, secure server to a public server, where a software flaw allowed the private information to be viewed without access credentials.

The Office of Civil Rights' investigation also determined that the Texas agency failed to conduct a risk analysis and implement access and audit controls on its information systems as required by the Health Insurance Portability and Accountability Act, the privacy law commonly known as HIPAA.

Because of inadequate audit controls, the Texas agency was unable to determine how many unauthorized people viewed the private information, the federal investigation concluded.

The Texas Legislature in May approved a settlement agreement with the federal government, including the $1.6 million fine, to end the matter.

Kelli Weldon, a press officer for the Texas health agency, said officials take information security and privacy seriously.

"We are continually examining ways to strengthen our processes for the health and safety of Texans," Weldon said.

©2019 Austin American-Statesman, Texas. Distributed by Tribune Content Agency, LLC.

Special Projects
Sponsored Articles
  • Sponsored
    Smart cities could transform urban living for the better. However, in order to mitigate the risks of cyber threats that can be exacerbated by inadequately secured and mobile edge computing (MEC) technologies, government officials should be aware of smart cities security concerns associated with their supporting infrastructure.
  • Sponsored
    How the convergence of security and networking is accelerating government agencies journey to the cloud.
  • Sponsored
    Microsoft Teams quickly became the business application of choice as state and local governments raced to equip remote teams and maintain business continuity during the COVID-19 lockdown. But in the rush to deploy Teams, many organizations overlook, ignore or fail to anticipate some of the administrative hurdles to successful adoption. As more organizations have matured their use of Teams, a set of lessons learned has emerged to help agencies ensure a successful Teams rollout – or correct course on existing implementations.
  • Sponsored
    Five Key Criteria for Selecting the Right Technology Solution for Communications and Notifications