Cabinet for Health and Family Services Data Breach (2012)

The Cabinet for Health and Family Services in Frankfort, Ky., is informing approximately 2,500 clients of a possible data breach that may have released information held by the Cabinet's Department for Community Based Services. The Cabinet for Health and Family Services (CHFS) is informing 1,090 Medicaid clients by letter of a computer security breach that may have resulted in the unintentional release of information held by Hewlett-Packard Enterprise Services (HP ES), the vendor that manages Medicaid’s information management system. In mid-November, an employee of Carewise Health, a subcontractor of HP ES, responded to a telephone computer scam, resulting in unauthorized remote access to a computer that contained a database with information on the Medicaid clients. HP ES and Carewise Health disabled the laptop as soon as the breach was reported, and notified CHFS. Typically such scams are targeted at charging people for unnecessary computer services. While there is no evidence that the confidential contents of the database were accessed, the hacker did have access to the employee’s laptop for a brief period. The database included health and other information about the individuals being notified, including social security numbers for less than half the individuals. HP ES is arranging for those affected to receive free credit monitoring to detect identity theft for one year.