A now-fired staff member with Kansas’ Department for Aging and Disability Services improperly disclosed personal information for 11,000 people in an email sent to multiple addresses, state officials acknowledged last week.
Department spokeswoman Angela de Rocha said the breach includes Social Security numbers, birthdates and other identifying information for Medicaid recipients and others. The agency said it had no indication the information had been misused since the disclosure was discovered last month.
The information was improperly emailed to local contractors with the state’s 11 area agencies on aging.
“KDADS emailed all of the individuals on the recipient list, advised them of the situation and asked them to delete or destroy the email,” de Rocha said, according to radio station KCUR.
She added that sending personal information about a specific individual to a local organization assisting them would not have been a violation. The issue arose because the employee shared information with multiple organizations.
The state is contacting affected individuals to inform them about the data breach and recommending they freeze their credit information with the three major reporting bureaus.
The employee responsible was fired, and the state is reviewing its security policies.
