Kentucky Health Agency Reports Data Breach | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Kentucky Health Agency Reports Data Breach

September 20, 2012
by Gabriel Perna
| Reprints

The Kentucky Cabinet for Health and Family Services, home to most of the state’s human services and healthcare programs, has reported a data breach that occurred when an employee with the Cabinet’s Department for Community Based Services (DCBS) responded to a “phishing” e-mail sent by a hacker. According to the agency, unauthorized activity on the account was identified within a half hour and the account was immediately disabled. The agency has informed 2,500 clients that the breach may have resulted in the unintentional release of their personal information.  

The agency says there is no evidence that the hacker accessed the confidential contents of the e-mail account, but acknowledges they did have access to the email account for a brief period. The information that may have been accessed was a database with the names, birthdates, and most recent address of those who had been freshly aged out of the foster care system.

“In all likelihood, the hacker intended to access the state government e-mail server to send spam emails and did not access or view client information,” Rodney Murphy, executive director of the Office of Administrative and Technology Services, said in a statement. “However, out of an abundance of caution, we are notifying clients who might have been affected by this incident. The Cabinet and DCBS take our role of safeguarding the personal information of those we serve very seriously and have increased awareness activities for staff to help protect against future issues of this kind.”

The Health IT Summits gather 250+ healthcare leaders in cities across the U.S. to present important new insights, collaborate on ideas, and to have a little fun - Find a Summit Near You!


See more on