Cyberciminals Access PHI, Steal Gift Cards from Kentucky Health Plan
Hackers were able to access protected health information and fraudulently obtain gift cards from the Kentucky Employees’ Health Plan; multiple insider incidents and improper records disposal complete this week’s breach roundup.
The Commonwealth of Kentucky Personnel Cabinet is notifying nearly 1,000 Kentucky Employees’ Health Plan (KEHP) members that some of their personal and protected health information was potentially compromised after a security incident on its well-being and incentive program portal.
The KEHP LivingWell portal is hosted by StayWell, a third-party vendor tasked with administering KEHP’s well-being program. According to its notice, the portal experienced two separate malicious cyberattacks: The first occurred for six days between April 21 and 27, while the second incident lasted for 10 days from May 12 to May 22.
The investigation determined a hacker gained access to...