Kentucky Notifies Clients of Potential email HIPAA Breach

Kentucky Notifies Clients of Potential Email HIPAA Breach

This story should be a warning to managers of all practices. This type of situation can occur when employees are not trained to be vigilant about their email practices while at work.

The state of Kentucky is notifying clients of a potential breach of information related to e-mail, according to an announcement on the state department's website.

The Cabinet for Health and Family Services on September 18 posted a notice stating that approximately 2,500 clients' information may have been unintentionally released because of an employee email account breach. The information was held by the Cabinet's Department for Community Based Services (DCBS).

In July, according to the statement, a DCBS employee responded to a "phishing" e-mail sent by a hacker.

"Unauthorized activity on the account was identified within a half hour and the account was immediately disabled," according to the statement. "While there is no evidence that the confidential contents of the e-mail account were accessed or viewed, the hacker did have access to the e-mail account for a brief period. Data about the individuals being notified was included in the National Youth Transition Database monitoring those in the process of or who have recently aged out of the foster care system."

Rodney Murphy, executive director of the Office of Administrative and Technology Services for Kentucky, said "in all likelihood," the hacker wanted to send spam e-mails across state government and "did not access or view client information."