It has been discovered that an employee at Kansas Department for Aging and Disability Services (KDADS) sent an unauthorized email to a group of KDADS business associates that included the protected health information of almost 11,000 individuals.
The email was issued to individuals who had already signed a business associate agreement with KDADS which disallows them from disclosing or using inappropriately any emailed protected health information.
KDADs has been in touch with all the business associates who received the information to warn them regarding the error and request they delete or destroy the email and any printed copies of the data. No reports have been submitted to suggest the information has been spread any further than this nor that any of the information has been used improperly.
Governor of Kansas Jeff Colyer said that it is the aims of his administration to prevent incidents like this occurring at all costs. He said: “I want to make sure this doesn’t happen again,” said . “My understanding, at this point, is that the breach was very limited in scope. It was all kept contained.”
He (Coyler) also announced that the worker responsible is no longer employed at the agency. Colyer said “I’m upset about it. I think that employee needed to be terminated. They were”.
The sort of information in the attached documents included names, dates of birth, addresses, Social Security details, genders, Medicaid identification credentials, and in-home services program participation data.
Spokeswoman Angela de Rocha said: “KDADS apologizes sincerely to the consumers affected for any distress or inconvenience this may cause. KDADS is undertaking an immediate review of policies and procedures relevant to preventing a similar situation from occurring,” the agency said in a statement.
Democratic Party Representative for Wichitia Jeff Pittman spoke regarding the data breach during a debate on the House floor recently. He referred to the fact that state agencies vary a lot in security and that some doing insufficient work safeguard personal data. He said: “When that data gets out, their identity gets stolen,” Pittman said. “We are not doing a good job in terms of keeping our data secure.”
The incident has prompted KDADS to revise its policies and procedures to prevent similar incidents from occurring in the future.