KY Cabinet for Health and Family Services (CHFS)

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

The breach at the Kentucky Cabinet for Health and Family Services (CHFS) was reported by HackNotice, a service that monitors data streams related to breaches, leaks, and hacks[1]. However, the details of the breach, such as the date it occurred, the nature of the compromised data, and the number of individuals affected, are not provided in the search results.

It is important to note that while the search results mention a data breach at Kentucky Catholic Health Initiatives hospitals, which was part of a ransomware attack on the CommonSpirit health-care system affecting several states including Kentucky, this incident is separate from the CHFS breach[2].

The CHFS has policies in place for privacy impact assessments, incident response, and reporting, as well as privacy and security awareness programs, which outline procedures for auditing, monitoring, and responding to security incidents[3][4][5]. These policies are designed to protect sensitive and confidential information and to ensure compliance with state and federal regulations.

Previous incidents involving CHFS include a breach reported in 2015, where 1,090 Medicaid clients were notified about a security breach that may have resulted in the unintentional release of information held by a subcontractor’s employee who fell for a telephone computer scam[7]. Another incident in 2012 involved a phishing attack that compromised the email server of the Kentucky Department for Community Based Services, potentially exposing personal information of approximately 2,500 individuals[17].

For the most recent breach at CHFS, the specific details are not available in the provided search results. Individuals concerned about their data or seeking more information about the breach would typically be advised to contact CHFS directly or monitor their statements and credit reports for any unauthorized activity.

Citations:

  1. https://hacknotice.com/2023/12/02/ky-cabinet-for-health-and-family-services-chfs/
  2. https://www.heraldledger.com/uncategorized/kentucky-catholic-health-initiatives-hospitals-suffer-data-breach/article_3c98bc2b-23e2-53fd-94cb-fa2dec8f92b1.html
  3. https://www.chfs.ky.gov/agencies/os/oats/polstand/Privacy-%20Monitoring%20Oversight%20and%20Audit%20Privacy%20Controls%20Policy.pdf
  4. https://www.chfs.ky.gov/agencies/os/oats/polstand/050102Information%20Systems%20IR%20and%20Reporting.pdf
  5. https://www.chfs.ky.gov/agencies/os/oats/polstand/050101Privacy%20and%20Security%20Awareness%20Program.pdf
  6. https://casetext.com/case/ky-cabinet-for-health-family-servs-v-puckett
  7. https://www.databreaches.net/cabinet-for-health-and-family-services-notifies-1090-medicaid-patients-after-subcontractors-employee-fell-for-a-scam/
  8. https://www.kentoncounty.org/AgendaCenter/ViewFile/Item/3695?fileID=5838
  9. https://oig.hhs.gov/oas/reports/region4/41800123.pdf
  10. https://www.chfs.ky.gov/agencies/dph/dls/Documents/HIPAAForm.pdf
  11. https://medicine.uky.edu/sites/default/files/inline-files/KHIE%20CyberSecurity%20Issues%206-09-2017.pdf
  12. https://www.kentucky.gov/government/Pages/agency.aspx
  13. https://casetext.com/case/puckett-v-cabinet-for-health-family-servs
  14. https://www.fcc.gov/sites/default/files/cma-kentucky-lifeline-12172018.pdf
  15. https://silverleafky.org/mandatory-reporting/
  16. https://caselaw.findlaw.com/court/ky-supreme-court/2170857.html
  17. https://www.scmagazine.com/news/kentucky-health-agency-breached-after-worker-falls-for-phish-ploy
  18. https://law.justia.com/cases/kentucky/supreme-court/2021/2019-sc-0282-dg.html
  19. https://www.kentucky.gov/policies/Pages/default.aspx
  20. https://casetext.com/case/lunsford-v-kentucky-cabinet-for-health-family-servs
Breach Submission Date Dec 03, 2023
Converted Entity Name KY Cabinet for Health and Family Services (CHFS)
Converted Entity Type Healthcare Provider
State KY
Individuals Affected 2,062
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes