Denton County, Texas (“The County”) is providing notice of a recent incident that may have impacted the security of personal health information. The County takes this incident very seriously and this notification provides information about the event, The County’s response to it, and resources available to individuals to help protect their information, should they feel it necessary to do so.
On July 7, 2021, The County became aware of a vulnerability within the third-party provider application utilized by The County for its COVID-19 vaccination clinics that potentially exposed individual’s data hosted on the system to anonymous users. The County immediately shut down the third-party application and launched an investigation to assess the nature and scope of the vulnerability. The investigation confirmed that there was a configuration error on the third-party application that potentially exposed individual’s health information to anonymous public users. While The County has no evidence of actual or attempted misuse of any information, The County could not rule out the possibility of access to data present in the database. The County undertook a lengthy and labor-intensive process to identify the health information impacted in the database. The only health information potentially impacted was COVID-19 vaccination data. The County never collected social security numbers, driver license numbers, or financial account information.