The Kentucky Cabinet for Health and Family Services, home to most of the state’s human services and healthcare programs, has reported a data breach that occurred when an employee with the Cabinet’s Department for Community Based Services (DCBS) responded to a “phishing” e-mail sent by a hacker. According to the agency, unauthorized activity on the account was identified within a half hour and the account was immediately disabled. The agency has informed 2,500 clients that the breach may have resulted in the unintentional release of their personal information.
The agency says there is no evidence that the hacker accessed the confidential contents of the e-mail account, but acknowledges they did have access to the email account for a brief period. The information that may have been accessed was a database with the names, birthdates, and most recent address of those who had been freshly aged out of the foster care system.
“In all likelihood, the hacker intended to access the state government e-mail server to send spam emails and did not access or view client information,” Rodney Murphy, executive director of the Office of Administrative and Technology Services, said in a statement. “However, out of an abundance of caution, we are notifying clients who might have been affected by this incident. The Cabinet and DCBS take our role of safeguarding the personal information of those we serve very seriously and have increased awareness activities for staff to help protect against future issues of this kind.”