The personal data of 11,000 people has been compromised after an employee at the Kansas Department for Aging and Disability Services (KDADS) sent an email containing confidential information to a group of business associates.
The compromised data is said to include names, addresses, Social Security numbers, dates of birth, Medicaid identification numbers, and in-home service information of KDADS’s consumers. Payment card information was not included.
KDADS has launched an investigation and reached out to its associates in a bid to reduce the impact. Fortunately, there are contract/associate agreements in place to prevent further dissemination, unauthorized use, and/or disclosure.
Those affected are being informed and advised of preventative actions that they can take to protect themselves.
KDADS has apologized and is reviewing internal policies and procedures to prevent similar incidents from occurring in the future.
Although the breach is an example of human error rather than malicious intent, it reiterates the importance of training staff to ensure confidential information is handled appropriately. Staff need to be aware of the risks that their actions carry and the effect they can have. Preventable data breaches can incur fines and result in reputational damage among customers and stakeholders. Even accidental breaches risk information falling into the wrong hands and being used maliciously.
Educate your staff
Our Information Security Staff Awareness eLearning Course will give your staff a better understanding of what is expected of them. The course will advise them on how to avoid becoming a security liability, introduce them to internal policies on incident reporting and responses, and provide basic knowledge of information security best practice to reduce preventable mistakes.