KentuckyOne Health

A thousand members of the Kentucky Employees’ Health Plan (KEHP) were victims of a data breach that took place between April 21 to 27.

971 KEHP members' accounts were accessed by the attacker who used valid login information to infiltrate StayWell, a third-party vendor utilized by KEHP members for their well-being and incentive portal.

The attacker was unable to access important financial and personal information but they were able to view biometric screening and health assessment data.

They were also able to redeem points that members had accumulated on the platform in the form of gift cards.

Source: https://www.govtech.com/security/two-data-breaches-hit-kentucky-employees-health-plan.html

"id": "KEN1494123",
"linkid": "kentuckyone-health",
"type": "Data Leak",
"date": "04/2020",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"