KANSAS DEPARTMENT FOR AGING AND DISABILITY SERVICES

Kansas Department for Aging and Disability Services got into the breach of Protected Health Information of 11,000 consumers.

An employee sent an unauthorized email containing personal or protected health information to a group of current KDADS business associates.

KDADS immediately began to reach out to the business associates and to affected consumers.

The email included consumer names, addresses, dates of birth, Social Security numbers, gender, in-home services program participation information and Medicaid identification numbers.

No banking, credit card or driver license information was included.

Source: https://www.databreaches.net/kansas-department-for-aging-and-disability-services-notifies-11000-consumers-about-breach-of-protected-health-information/

TPRM report: https://scoringcyber.rankiteo.com/company/kansas-department-for-aging-and-disability-services

"id": "kan15811622",
"linkid": "kansas-department-for-aging-and-disability-services",
"type": "Breach",
"date": "03/2018",
"severity": "50",
"impact": "2",
"explanation": "Attack limited on finance or reputation"

{'affected_entities': [{'customers_affected': '11,000',
                        'industry': 'Health and Social Services',
                        'location': 'Kansas, USA',
                        'name': 'Kansas Department for Aging and Disability '
                                'Services',
                        'type': 'Government Agency'}],
 'attack_vector': 'Unauthorized Email',
 'data_breach': {'number_of_records_exposed': '11,000',
                 'personally_identifiable_information': ['Names',
                                                         'Addresses',
                                                         'Dates of birth',
                                                         'Social Security '
                                                         'numbers',
                                                         'Gender',
                                                         'Medicaid '
                                                         'identification '
                                                         'numbers'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personal Information',
                                              'Protected Health Information']},
 'description': 'An employee sent an unauthorized email containing personal or '
                'protected health information to a group of current KDADS '
                'business associates.',
 'impact': {'data_compromised': ['Consumer names',
                                 'Addresses',
                                 'Dates of birth',
                                 'Social Security numbers',
                                 'Gender',
                                 'In-home services program participation '
                                 'information',
                                 'Medicaid identification numbers']},
 'initial_access_broker': {'entry_point': 'Email'},
 'response': {'communication_strategy': 'Reaching out to business associates '
                                        'and affected consumers'},
 'threat_actor': 'Employee',
 'title': 'Kansas Department for Aging and Disability Services Data Breach',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Human Error'}