Mishandled emails cause breach at Kansas disability agency

On February 23, the Kansas Department for Aging and Disability Services became aware of a potential breach of protected health information after an employee sent an unauthorized email containing personal health information to a group of current KDADS business associates.

Each business associate was to get an email with information pertinent to the patient cases they were handling, according to a spokesperson for the department. But every business associate got the full list of caseloads.

Consequently, the employee who sent out the emails and the employee’s supervisor have been terminated, and about 11,000 affected individuals have been notified of the breach.

Kansas Neurological Institute-CROP.png

Compromised information included consumer names, addresses, dates of birth, Social Security numbers, gender, in-home services program participation information and Medicaid identification numbers. No banking, credit card or driver license information was included.

The agency did not respond to a request for more information on the incident.

KDADS is investigating the incident to determine how it occurred and is putting in place additional safeguards to prevent a reoccurrence. To date, the agency has verified that protected health information was only disclosed to known business associates who are obligated to protect it, according to the spokesperson.

Affected individuals are being urged to place a security freeze and fraud alert on their credit reports and to order a free credit report from each credit agency.

For reprint and licensing requests for this article, click here.