Kentucky Notifies Clients of Potential email HIPAA Breach
This story should be a warning to managers of all practices. This type of situation can occur when employees are not trained to be vigilant about their email practices while at work.
The state of Kentucky is notifying clients of a potential breach of information related to e-mail, according to an announcement on the state departmentâ€™s website.
The Cabinet for Health and Family Services September 18 posted a notice stating that approximately 2,500 clientsâ€™ information may have been unintentionally released because of an employee email account breach. The information was held by the Cabinetâ€™s Department for Community Based Services (DCBS).
In July, according to the statement, a DCBS employee responded to a â€śphishingâ€ť e-mail sent by a hacker.
â€śUnauthorized activity on the account was identified within a half hour and the account was immediately disabled,â€ť according to the statement. â€śWhile there is no evidence that the confidential contents of the e-mail account were accessed or viewed, the hacker did have access to the e-mail account for a brief period. Data about the individuals being notified was included in the National Youth Transition Database monitoring those in the process of or who have recently aged out of the foster care system.â€ť
Rodney Murphy, executive director of the Office of Administrative and Technology Services for Kentucky, said â€śin all likelihood,â€ť the hacker wanted to send spam e-mails across state government and â€śdid not access or view client information.â€ť