An employee at a Kentucky statewide mental health services organization was fired after the employee allegedly took a list of patients and emailed it to a former employee.

A statement from Kentucky Counseling Center said a former staff member reported receiving an email containing a link to a list of Kentucky Counseling Center patients on Jan. 4. KCC said the breach exposed information on 16,400 patients.

“Based on the organization’s review so far, ‘we believe a staff member took the list without authorization from our computer system on Dec. 6,’ the Courier-Journal reported. ” … We believe that same individual used an anonymous Internet file sharing service to email the list to the former KCC staff member who then reported it to KCC. The individual we believe to be responsible for the email is no longer working with KCC.’ ”

The CJ reported that KCC alerted affected patients and is offering a year of free credit monitoring to each client. The center also said in a statement on its website that it’s set up a toll-free number for patients who have questions about the breach.