On Tuesday, the Kentucky Cabinet for Health and Family Services notified about 2,500 individuals that a possible data breach could have compromised their personal information, Modern Healthcare reports.
The agency administers Kentucky's Medicaid program, among other services.
Details of Possible Breach
In a statement, the agency said that the breach stemmed from a July incident in which an employee responded to a hacker's "phishing" email.
Gwenda Bond -- assistant communications director for the agency -- said that incident could have allowed the hacker to access a database of files for young people transitioning out of the state's foster care program.
Potentially exposed data include:
- Names;
- Dates of birth; and
- Most recent address.
According to Bond, no medical information was exposed in the incident.
CHFS said that there is "no evidence that the confidential contents of the email account were accessed or viewed."
Corrective Action
According to the agency, "Unauthorized activity on the [email] account was identified within a half hour, and the account was immediately disabled" (Conn, Modern Healthcare, 9/19).
Rodney Murphy -- executive director of the agency's Office of Administrative and Technology Services -- said that CHFS has "increased awareness activities for staff to help protect against future issues of this kind" (McCann, Healthcare IT News, 9/19).