Getty Images

Harris County Health Data Breach Exposes PHI of 26K

A health data breach is impacting 26,000 county jail patients.

One Texas county is reporting a data breach that is impacting the protected health information (PHI) of 26,000 patients of the county jail’s healthcare system.  

On July 27, Harris County (Texas) reported the breach to the US Department of Health and Human Services Office for Civil Rights, according to the OCR report of data breaches under investigation. 

“On July 9, 2021, we determined that certain protected health information was inadvertently made accessible on the County’s Justice Administration Department (JAD) website between March 15, 2021 and May 22, 2021,” the county’s notice about the privacy incident states.  

“The information, provided to JAD as part of the county’s legally required reporting obligations, contained individuals’ system person numbers (a unique identifier assigned by the Harris County jail system) and some limited health information related to care received at the County’s Jail Clinic, such as health history, diagnosis and/or prescription information,” the notice states. 

According to the county’s notice, no social security numbers or financial or payment information was exposed.  

“We have no indication that the information was actually viewed or accessed by any unauthorized person, or that it has been misused; however, we wanted to advise our community of the incident and assure them we are taking this matter seriously,” the notice states. 

Harris County set up a dedicated call center for patients to answer questions about the data breach. The center can be reached at 855-545-2039, Monday through Friday, between 8:00 am and 5:30 pm CT.  

“Harris County takes seriously the privacy and confidentiality of the personal information we maintain,” it notes.  

Any individuals impacted by the health data breach should review statements form their healthcare providers and notify their providers of any services they were charged for but did not receive.  

“We deeply regret any concern or inconvenience this may cause our community,” the notice concludes. “As we investigate this issue, we are continuing our efforts to enhance existing processes to protect against the inadvertent accessibility of this type of information.” 

Next Steps

Dig Deeper on Cybersecurity strategies