Kentucky Counseling Center notifies more than 16000 patients after insider-perp steals data

• The counseling center notified that a former employee stole patient information from their computer system.
• KCC has informed Health and Human Services (HHS) of the incident that occurred two months ago.

In a recent development, Kentucky Counseling Center (KCC) has notified over 16000 patients of a data breach that occurred in December 2018.

The counseling center suffered a breaching incident which was perpetrated by an employee. Its believed that the insider had unauthorized access to its computer systems and as a result stole the patient information.

The incident came into light when a former employee informed KCC. He said that he had received a list of patient information through email from an anonymous entity.

No clinical data known to be leaked

In a notice released by KCC, it mentions that the breach did not negatively impact its patient data. Regarding the data exposed in the breach, the center said that basic information of patients along with their Social Security numbers is likely to be affected.

“The type of information on the list varied for different people, but may have included the following: name; address; date of birth; email; phone number; sex; Social Security Number; marital and employment status; insurance payer and insurance number. The list did not include any clinical information other than the date of the last and/or next appointment for some individuals; and, in some cases, the names of KCC clinicians involved in an individual’s care,” the notice elaborated.

For those affected by the breach, KCC is providing free credit monitoring for one year. In addition, it has urged all its patients to review account statements and credit reports for suspicious activities.