The agency, which is charged with assisting some of the state’s most vulnerable people, became aware of the breach in late April, at which point the data was taken down, said department spokeswoman Cecilia Cavuto.
The released information included medical diagnoses, treatment information, Social Security numbers and personal identifying information such as names and addresses. Officials launched an investigation, which is ongoing.
Cavuto said the department is unsure if the Web application, which was meant only for internal use, had been online since it was built eight years ago. She said it is possible the data had accidentally been posted online when its handling was transferred to another department last fall.
“I don’t think we have the answer to what exactly caused this breach just yet,” Cavuto said. “It looks like the application was developed without the appropriate security. It was supposed to be an internal application, which points to human error.”
Following the breach, the department is scouring its other Web and data applications to check for potential security risks, she said.
There is no evidence that information was being misused, Cavuto said, but the state has partnered with a data and identity protection firm to provide one year of services for clients concerned about the release of their information. The firm is sending notice letters to the patients whose data was compromised, according to a news release.
Those affected are advised to review their credit reports, medical records and financial accounts on a regular basis and immediately report any suspicious activity.
©2015 Austin American-Statesman, Texas. Distributed by Tribune Content Agency, LLC.