Kentucky Mountain Health Alliance Discloses Data Breach Impacting Sensitive Patient Information
Kentucky Mountain Health Alliance Inc., a nonprofit health center based in Hazard, Kentucky, recently reported a data breach exposing sensitive personal and medical information. The incident was disclosed to the Massachusetts Office of Consumer Affairs and Business Regulation on June 19, 2026, though the exact number of affected individuals nationwide has not been released.
While details about the attack method, breach timeline, and discovery date remain unclear, the exposed data includes driver’s licenses, medical records, and Social Security numbers.
In response, the organization has begun mailing notification letters to impacted individuals and is offering free two-year identity monitoring services through Epiq’s Privacy Solutions ID program. Affected parties can enroll using a unique activation code provided in their letters, with deadlines specified per notification. Support for enrollment is available via Epiq at 866-675-2006 (Monday–Friday, 9:00 a.m.–5:30 p.m. EST).
Kentucky Mountain Health Alliance has also directed individuals to the Federal Trade Commission (1-877-438-4338) and the Massachusetts Office of Consumer Affairs (888-283-3757) for additional identity theft guidance. The organization can be contacted at 606-487-9505 or visited at 279 East Main St., Hazard, KY 41701.
Source: https://www.claimdepot.com/data-breach/kentucky-mountain-health-alliance-2026
Health Kentucky, Inc. cybersecurity rating report: https://www.rankiteo.com/company/health-kentucky-inc.
"id": "HEA1782154182",
"linkid": "health-kentucky-inc.",
"type": "Breach",
"date": "6/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Healthcare',
'location': 'Hazard, Kentucky, USA',
'name': 'Kentucky Mountain Health Alliance Inc.',
'type': 'Nonprofit Health Center'}],
'customer_advisories': 'Individuals directed to Federal Trade Commission and '
'Massachusetts Office of Consumer Affairs for identity '
'theft guidance',
'data_breach': {'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Driver’s licenses',
'Medical records',
'Social Security numbers']},
'date_publicly_disclosed': '2026-06-19',
'description': 'Kentucky Mountain Health Alliance Inc. reported a data breach '
'exposing sensitive personal and medical information, '
'including driver’s licenses, medical records, and Social '
'Security numbers.',
'impact': {'data_compromised': 'Sensitive personal and medical information',
'identity_theft_risk': 'High'},
'references': [{'source': 'Massachusetts Office of Consumer Affairs and '
'Business Regulation'}],
'regulatory_compliance': {'regulatory_notifications': 'Massachusetts Office '
'of Consumer Affairs '
'and Business '
'Regulation'},
'response': {'communication_strategy': 'Mailing notification letters to '
'impacted individuals',
'remediation_measures': 'Free two-year identity monitoring '
'services',
'third_party_assistance': 'Epiq’s Privacy Solutions ID program'},
'title': 'Kentucky Mountain Health Alliance Data Breach',
'type': 'Data Breach'}