AUSTIN — The private health data for thousands of Medicaid patients in Texas has been accidentally exposed, officials with the state Department of Aging and Disability Services said Thursday.
The exposed data included names, residences, mailing addresses, birth dates, Social Security and Medicaid numbers, and medical diagnoses and treatment information.
The agency said it has begun notifying about 6,600 Medicaid recipients about the data breach that it has known about since April 21. It just began revealing it to clients on Thursday. The department took down the problematic website on April 21 when it was advised that the information on the site was publicly accessible on the Internet, according to a statement it released.
Department spokeswoman Cecilia Cavuto told the Austin American-Statesman that the web application containing the data had been in use for eight years and was intended for internal use only. She said it was possible the data had been accidentally posted in public when its handling was transferred to another department last fall. “It looks like the application was developed without the appropriate security,” Cavuto said.
The agency said in its statement that it has no reason to believe any of the information has been misused but has arranged for credit monitoring and identity theft restoration services for the affected clients. CSID Protector, the online security provider retained by the state, is sending letters to the affected clients offering its services free of charge to them for one year.