Denton County in Texas has identified a vulnerability in a third-party provider software utilized in association with the personal health information (PHI) of individuals that was possibly exploited by unauthorized people. The software was utilized at COVID-19 vaccination centers in the County and included data like names, birth dates, email addresses, telephone numbers, and COVID-19 vaccination data.
Denton County officers found the vulnerability on July 7, 2021 and suggested that anonymous users had access to the software database. When the vulnerability was identified, the application was promptly de-activated and an investigation was started to find out the scope of the problem and whether any unauthorized people had taken advantage of the vulnerability to obtain access to sensitive information.
Denton County affirmed that there was a problem made when setting up the application which compromised the information to unauthorized persons. Although no proof was received that suggests any actual or attempted improper use of PHI of individuals, unauthorized access to the software database cannot be ruled out.
A long, extensive evaluation was done to find out which people were impacted. Only the above data were compromised. Sensitive information like driver license numbers, Social Security numbers, and financial account data were not utilized with the software.
Denton County, with the help of a third-party software provider, has currently carried out more safety measures to make sure the security of the software and the personal information and PHI of County residents.
The character of the compromised information doesn’t put people at a great risk of identity theft or fraud; nevertheless, the County has instructed all impacted people to stay cautious and to check their account statements and credit reports for suspicious activity.
At first, it seemed that about 1.2 million people were impacted, however, a review affirmed lots of compromised data were duplicates. The breach report has already been submitted to the Department of Health and Human Services’ Office for Civil Rights indicating that 326,417 people were affected.