A computer security breach may have resulted in the release of information on 1,090 Kentucky Medicaid clients, including some Social Security numbers.
The Cabinet for Health and Family Services announced Friday that the clients will be receiving letters explaining the breach.
According to the cabinet, an employee of Carewise Health, a Hewlett-Packard Enterprise Services subcontractor that manages Medicaid's information management system, responded to a telephone computer scam in mid-November. That resulted in unauthorized remote access of the computer system.
There is no evidence that the confidential contents were accessed, but the hacker did have access to the employee's laptop for a brief period. The database that could have been accessed contained health and other information, including Social Security numbers for about half of the 1,090 people impacted.
Hewlett-Packard Enterprise Services is arranging for those affected to receive free credit monitoring for a year to detect identity theft.
The cabinet is required to notify clients individually of any potential breach involving more than 500 by the federal Health Insurance Portability and Accountability Act, more commonly known as HIPAA.
Individuals who believe their information might have been involved or who need additional information should contact Hewlett-Packard Enterprise Services at 1-877-298-6108 (select option 1). The phone number will be active for 90 days.