Nearly 1,000 members of Kentucky Employees’ Health Plan hit by data breach

Nearly a thousand members of Kentucky Employees’ Health Plan (KEHP) were victims of a data breach that took place in late April and mid-May, according to a statement released by the Commonwealth of Kentucky Personnel Cabinet on June 2.

During the first attack, from April 21 to 27, 971 KEHP members accounts were accessed by a “bad actor” who used valid login information to infiltrate StayWell, a third-party vendor utilized by KEHP members for their well-being and incentive portal.

This portal offers financial rewards for completion of certain challenges and goals in order to promote a healthier lifestyle among members.