Harris County in Texas has uncovered that the personal and health information (PHI) of thousands of people were exposed on the internet. It is likely that unauthorized individuals may have accessed this data.
Under Harris County’s lawfully mandated reporting requirements, data is given to the Harris County Justice Administration Department that includes System Person Numbers, which are unique identifiers the Harris County jail system assigns to every person. Aside from those numbers, a number of health data are given associated with the medical care people get at the County’s Jail Clinic, such as medical backgrounds, diagnoses, and/or prescription data.
Harris County officials discovered the inadvertent exposure of sensitive data on July 9, 2021. Harris County confirmed that from March 15, 2021 to May 22, 2021, the above-mentioned types of data were unintentionally made accessible on the website of the Justice Administration Department.
There were no names, Social Security numbers or financial account data included, however, because unique identifiers were exposed, it may be likely that some people can be identified. During the investigation, there was no evidence found that suggests the access or download of the exposed information by unauthorized people. There was also no report received that indicate the misuse of any data.
Harris County is urging all impacted persons to check any statements they get from their healthcare companies and to examine them thoroughly and send a report in case there are healthcare services listed that they did not get.
The investigation is continuing, and a helpline is created to give impacted persons additional information (1-855-545-2039). Harris County is additionally doing something to improve current processes to avoid the same breaches later on.
Harris County reported the breach to the Department of Health and Human Services’ Office for Civil Rights indicating that 26,000 people were affected.