The Kansas Department for Aging and Disability Services is notifying 11,000 of its consumers that an employee sent an unauthorized email containing their protected health information to a group of KDADS business associates, agency spokesperson Angela de Rocha told Becker's Hospital Review.
On Feb. 23, the agency learned the employee, who has since been terminated, sent an email to a group of its business associates that contained an attachment listing some of its members' PHI.
Consumer names, addresses, dates of birth, Social Security numbers, gender, in-home services program participation information and Medicaid identification numbers were included in the attachment. No banking, credit card or driver license information was included.
Since the information had been disseminated to KDADS' business associate, the agency had contracts in place to protect further disclosure of the information. KDADS has no evidence the information had been misused or publicly disclosed.
"KDADS apologizes sincerely to the consumers affected for any distress or inconvenience this may cause. KDADS is undertaking an immediate review of policies and procedures relevant to preventing a similar situation from occurring," a notice on the agency's website states.
More articles on cybersecurity:
UC San Francisco, Samsung partner on blood pressure app for research
Researchers use EHRs to identify hypertension among safety-net patients
NIH's genome institute to unveil new roadmap for genomics research in 2020