State health agency hit with $1.6M fine
AUSTIN — The federal government is fining the Texas Health and Human Services Commission $1.6 million for failing to protect the privacy of thousands of people who rely on state services.
A breach in 2015 exposed on the internet the names, addresses, Social Security numbers and treatment information of over 6,600 people.
The flaw in software code was discovered when an unauthorized person was able to access the personal information without having to log into the state’s system, according to the U.S. Department of Health and Human Services Office for Civil Rights, which levied the fine.
Because of inadequate auditing, the state’s Department of Aging and Disability Services was unable to determine how many unauthorized people accessed the private records, the federal investigation found.
“Covered entities need to know who can access protected health information in their custody at all times,” said Office for Civil Rights Director Roger Severino in a written statement. “No one should have to worry about their private health information being discoverable through a Google search.”
The breach didn’t result in any known financial or physical harm. It occurred after an internal application was moved from a private, secure server to a public one. A spokeswoman for HHSC said the department takes security and privacy seriously.
“We are continually examining ways to strengthen our processes for the health and safety of Texans,” spokeswoman Kelli Weldon said in a statement.