Kentucky Counseling Center

Kentucky Counseling Center reported to HHS an instance of improper access or disclosure involving an EMR that exposed 16,440 patients information .

KCC makes it plain that they believe a former employee stole a list of patient data.

Although the organization doesn't think the person who took the list intended to harm the people on it, they still informed patients of these facts out of an abundance of caution.

Other than some people's previous and/or upcoming appointment dates and, occasionally, the names of KCC doctors involved in their care, the list contained no clinical details on the patients.

They investigated the incident and took further preventive steps.

Source: https://www.databreaches.net/kentucky-counseling-center-notifies-more-than-16000-patients-after-discovering-suspected-insider-wrongdoing-breach/

TPRM report: https://scoringcyber.rankiteo.com/company/kentucky-counseling-center

"id": "ken45516223",
"linkid": "kentucky-counseling-center",
"type": "Data Leak",
"date": "02/2019",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"

{'affected_entities': [{'customers_affected': 16440,
                        'industry': 'Healthcare',
                        'location': 'Kentucky',
                        'name': 'Kentucky Counseling Center',
                        'type': 'Healthcare Provider'}],
 'attack_vector': 'Insider Threat',
 'customer_advisories': 'Informed patients out of an abundance of caution',
 'data_breach': {'number_of_records_exposed': 16440,
                 'type_of_data_compromised': ['Appointment dates',
                                              'Names of KCC doctors']},
 'description': 'Kentucky Counseling Center reported to HHS an instance of '
                'improper access or disclosure involving an EMR that exposed '
                "16,440 patients' information. KCC believes a former employee "
                'stole a list of patient data. Although the organization '
                "doesn't think the person who took the list intended to harm "
                'the people on it, they still informed patients of these facts '
                'out of an abundance of caution. The list contained no '
                "clinical details on the patients, other than some people's "
                'previous and/or upcoming appointment dates and, occasionally, '
                'the names of KCC doctors involved in their care. They '
                'investigated the incident and took further preventive steps.',
 'impact': {'data_compromised': ['Appointment dates', 'Names of KCC doctors']},
 'investigation_status': 'Investigated and took further preventive steps',
 'regulatory_compliance': {'regulatory_notifications': 'Reported to HHS'},
 'response': {'communication_strategy': 'Informed patients out of an abundance '
                                        'of caution'},
 'threat_actor': 'Former Employee',
 'title': 'Improper Access or Disclosure at Kentucky Counseling Center',
 'type': 'Data Breach'}

Kentucky Counseling Center

Rev-A-Shelf

DMC Consolidated, Inc.

Mid-America Apartment Communities