September 25, 2012

Kentucky health agency breached after worker falls for phish ploy

Thousands of individuals may have had their personal information exposed after hackers used a successful phishing attack to springboard to an email server belonging the Kentucky Department for Community Based Services.

How many victims? Approximately 2,500.

What type of personal information? Names, addresses and ID codes used by the agency.

What happened? In July, a DCBS employee responded to a phishing email, allowing attackers to find their way to a database on the agency's server, which contained information on youth who transitioned out of the foster care system due to age.

What was the response? Agency officials immediately disabled the account after detecting unauthorized activity. The Kentucky Cabinet for Health and Family Services (CHFS), which oversees DCBS, notified affected individuals.

Details: Cabinet officials said there was no evidence that sensitive information in the email account was stolen, and that the attacker likely wanted to spam more people though the state's email server. 

Source: healthcareitnews.com, Healthcare IT News, 2,500 involved in Kentucky data breach,” Sept. 19, 2012.

Previous Post
Next Post
Related Articles
Related Topics
Related Links

Sign up for our newsletters

POLL

More in The Data Breach Blog

Laptop stolen from S.C. medical center contains data on 7k veterans

Laptop stolen from S.C. medical center contains data ...

Last week, hospital officials began notifying patients of the February theft.

Medical records of 2k patients left unprotected on contractor's server

Medical records of 2k patients left unprotected on ...

The records were stored by storage provider working with Glens Falls Hospital in New York.

Doctor's stolen laptop found at pawn shop; data of 652 patients exposed

The psychologist was a private contractor for Washington's Department of Social and Health Services.