North Kansas City Hospital

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

North Kansas City Hospital (NKCH) experienced a data breach due to an incident involving their third-party vendor, Perry Johnson & Associates, Inc. (PJ&A), which provided medical transcription services for the hospital and its subsidiary, Meritas Health Corporation. The breach was first discovered by PJ&A on July 21, 2023, when they detected unauthorized access to their systems. The unauthorized access occurred between March 27, 2023, and May 2, 2023[1][3][5][7][9].

The data potentially accessed included patients’ demographic information (such as names, dates of birth, gender, phone numbers, and addresses), health insurance information, and some clinical information. Importantly, patients’ Social Security Numbers were not impacted by this incident[1][3][5].

Upon learning of the breach, NKCH took immediate steps to implement additional safeguards and review their data privacy and security policies. They also ceased sharing any information with PJ&A, and PJ&A no longer provides services to NKCH or Meritas[1][5]. NKCH confirmed that their own systems, as well as those of Meritas and the Clay County Public Health Center (CCPHC), were not affected by the breach[1][9].

NKCH has been mailing letters to potentially affected individuals and encourages those impacted to remain vigilant by reviewing their account statements, health insurance billing, and credit reports for any suspicious activity. They have also provided a phone number for those needing assistance or with questions regarding the breach: 1-888-928-1264, available Monday through Friday from 8:00 a.m. to 8:00 p.m. Central Time[1][3][5].

The breach at PJ&A was reported to the HHS’ Office for Civil Rights as affecting 8,952,212 individuals, while NKCH reported that the protected health information of 502,438 individuals was compromised[7]. Patients affected by the breach are advised to take appropriate steps to mitigate the risk of medical identity theft and fraud[7].

Citations:

  1. https://www.nkch.org/pja-data-event/
  2. https://www.kctv5.com/news/
  3. https://www.kctv5.com/2024/01/04/north-kansas-city-hospital-notifies-patients-possible-data-breach/
  4. https://www.labcorp.com
  5. https://fox4kc.com/health/north-kansas-city-hospital-warns-patients-of-possible-data-breach/
  6. https://twitter.com/rawsalerts
  7. https://www.thelyonfirm.com/blog/north-kansas-city-hospital-data-breach/
  8. https://www.sacbee.com
  9. https://healthitsecurity.com/news/kansas-hospital-impacted-by-pja-data-breach
  10. https://www.ctvnews.ca/canada/n-l-government-wants-ad-removed-as-critics-blast-vrbo-online-1.6765314
  11. https://www.bizjournals.com/kansascity/news/2024/01/04/north-kansas-city-patient-data-breach.html
  12. https://www.humana.com
  13. https://www.idstrong.com/sentinel/half-a-million-patients-exposed-in-north-kansas-hospital-vendor-breach/
  14. https://www.databreachtoday.com
  15. https://www.mycouriertribune.com/news/data-breach-may-comprise-north-kansas-city-hospital-patients/article_68b568a4-ba25-56d6-9256-3b9137348713.html
Breach Submission Date Jan 03, 2024
Converted Entity Name North Kansas City Hospital
Converted Entity Type Healthcare Provider
State MO
Individuals Affected 502,438
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes