North Kansas City Hospital
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
North Kansas City Hospital (NKCH) experienced a data breach due to an incident involving their third-party vendor, Perry Johnson & Associates, Inc. (PJ&A), which provided medical transcription services for the hospital and its subsidiary, Meritas Health Corporation. The breach was first discovered by PJ&A on July 21, 2023, when they detected unauthorized access to their systems. The unauthorized access occurred between March 27, 2023, and May 2, 2023[1][3][5][7][9].
The data potentially accessed included patients’ demographic information (such as names, dates of birth, gender, phone numbers, and addresses), health insurance information, and some clinical information. Importantly, patients’ Social Security Numbers were not impacted by this incident[1][3][5].
Upon learning of the breach, NKCH took immediate steps to implement additional safeguards and review their data privacy and security policies. They also ceased sharing any information with PJ&A, and PJ&A no longer provides services to NKCH or Meritas[1][5]. NKCH confirmed that their own systems, as well as those of Meritas and the Clay County Public Health Center (CCPHC), were not affected by the breach[1][9].
NKCH has been mailing letters to potentially affected individuals and encourages those impacted to remain vigilant by reviewing their account statements, health insurance billing, and credit reports for any suspicious activity. They have also provided a phone number for those needing assistance or with questions regarding the breach: 1-888-928-1264, available Monday through Friday from 8:00 a.m. to 8:00 p.m. Central Time[1][3][5].
The breach at PJ&A was reported to the HHS’ Office for Civil Rights as affecting 8,952,212 individuals, while NKCH reported that the protected health information of 502,438 individuals was compromised[7]. Patients affected by the breach are advised to take appropriate steps to mitigate the risk of medical identity theft and fraud[7].
Citations:
- https://www.nkch.org/pja-data-event/
- https://www.kctv5.com/news/
- https://www.kctv5.com/2024/01/04/north-kansas-city-hospital-notifies-patients-possible-data-breach/
- https://www.labcorp.com
- https://fox4kc.com/health/north-kansas-city-hospital-warns-patients-of-possible-data-breach/
- https://twitter.com/rawsalerts
- https://www.thelyonfirm.com/blog/north-kansas-city-hospital-data-breach/
- https://www.sacbee.com
- https://healthitsecurity.com/news/kansas-hospital-impacted-by-pja-data-breach
- https://www.ctvnews.ca/canada/n-l-government-wants-ad-removed-as-critics-blast-vrbo-online-1.6765314
- https://www.bizjournals.com/kansascity/news/2024/01/04/north-kansas-city-patient-data-breach.html
- https://www.humana.com
- https://www.idstrong.com/sentinel/half-a-million-patients-exposed-in-north-kansas-hospital-vendor-breach/
- https://www.databreachtoday.com
- https://www.mycouriertribune.com/news/data-breach-may-comprise-north-kansas-city-hospital-patients/article_68b568a4-ba25-56d6-9256-3b9137348713.html