cyber Breach

KentuckyOne Health

May 11, 2023 1 min read
KentuckyOne Health

A thousand members of the Kentucky Employees’ Health Plan (KEHP) were victims of a data breach that took place between April 21 to 27.

971 KEHP members' accounts were accessed by the attacker who used valid login information to infiltrate StayWell, a third-party vendor utilized by KEHP members for their well-being and incentive portal.

The attacker was unable to access important financial and personal information but they were able to view biometric screening and health assessment data.

They were also able to redeem points that members had accumulated on the platform in the form of gift cards.

Source: https://www.govtech.com/security/two-data-breaches-hit-kentucky-employees-health-plan.html

TPRM report: https://scoringcyber.rankiteo.com/company/kentuckyone-health

"id": "ken1494123",
"linkid": "kentuckyone-health",
"type": "Breach",
"date": "04/2020",
"severity": "60",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 1000,
                        'industry': 'Healthcare',
                        'location': 'Kentucky',
                        'name': 'Kentucky Employees’ Health Plan (KEHP)',
                        'type': 'Health Plan'}],
 'attack_vector': 'Valid login information',
 'data_breach': {'number_of_records_exposed': 971,
                 'sensitivity_of_data': 'Moderate',
                 'type_of_data_compromised': ['biometric screening data',
                                              'health assessment data']},
 'date_detected': '2023-04-27',
 'description': 'A data breach occurred at the Kentucky Employees’ Health Plan '
                '(KEHP) affecting a thousand members. The attacker accessed '
                "971 KEHP members' accounts using valid login information to "
                'infiltrate StayWell, a third-party vendor used by KEHP '
                'members for their well-being and incentive portal. The '
                'attacker was able to view biometric screening and health '
                'assessment data and redeem points in the form of gift cards.',
 'impact': {'data_compromised': ['biometric screening data',
                                 'health assessment data'],
            'systems_affected': ['StayWell well-being and incentive portal']},
 'initial_access_broker': {'entry_point': 'Valid login information'},
 'title': 'Data Breach at Kentucky Employees’ Health Plan (KEHP)',
 'type': 'Data Breach'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.