September 25, 2012

Kentucky health agency breached after worker falls for phish ploy

Thousands of individuals may have had their personal information exposed after hackers used a successful phishing attack to springboard to an email server belonging the Kentucky Department for Community Based Services.

How many victims? Approximately 2,500.

What type of personal information? Names, addresses and ID codes used by the agency.

What happened? In July, a DCBS employee responded to a phishing email, allowing attackers to find their way to a database on the agency's server, which contained information on youth who transitioned out of the foster care system due to age.

What was the response? Agency officials immediately disabled the account after detecting unauthorized activity. The Kentucky Cabinet for Health and Family Services (CHFS), which oversees DCBS, notified affected individuals.

Details: Cabinet officials said there was no evidence that sensitive information in the email account was stolen, and that the attacker likely wanted to spam more people though the state's email server. 

Source: healthcareitnews.com, Healthcare IT News, 2,500 involved in Kentucky data breach,” Sept. 19, 2012.

Previous Post
Next Post
Related Articles
Related Topics
Related Links

Advertisement

How to Prevent Insider Threats!

POLL

More in The Data Breach Blog

Hackers raid Washington state court system to steal 160,000 SSNs, 1M driver's license numbers

Hackers raid Washington state court system to steal ...

After the public website of the Washington state Administrative Office of the Courts was compromised in February, an investigation revealed the severity of the breach in April.

Personal California birth records found in "unsecure" location

The California Department of Public Health announced that the data included names, addresses, Social Security numbers, and medical information.

Investment regulator loses portable device containing personal data

Although the specifics of the lost information is unknown, the Investment Industry Regulatory Organization of Canada has announced that 52,000 clients of 32 brokerage firms have been affected.