KentuckyOne Health

The Kentucky Employees’ Health Plan (KEHP) became a victim of a data breach for the second time in a consecutive month that took place from May 12 to 22.

The second data breach was a direct result of the first attack which happened from April 21 to 27.

971 KEHP members' accounts were accessed by a bad actor who used valid login information to infiltrate StayWell, a third-party vendor utilized by KEHP members for their well-being and incentive portal in the first attack.

42 of the original 971 targeted members also had their Commonwealth email accounts infiltrated in the second attack.

An additional $7,700 in fraudulent gift card redemptions resulted from this attack.

Source: https://www.govtech.com/security/two-data-breaches-hit-kentucky-employees-health-plan.html

"id": "KEN1494123",
"linkid": "kentuckyone-health",
"type": "Breach",
"date": "05/2020",
"severity": "60",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"