480,000 Kansans affected by medical data breaches

TOPEKA (KSNT) – 18 medical data breaches have affected more than 480,000 Kansans since Nov. 5, 2022, according to the U.S. Department of Health and Human Services (DHHS).

Under section 13402(e)(4) of the HITECH Act, the DHHS Office for Civil Rights keeps a list of data breaches of protected health information that have affected 500 people or more, according to the DHHS website.

Medical data has been breached 16 times by hackers and two entities have had data breached through unauthorized access or disclosure. The data breach locations were attributed to email, network servers or electronic medical records, according to DHHS data.

Of the data collected by DHHS, healthcare providers, business associates and health plan providers were affected by the breaches, according to DHHS data.

The largest single data breach was with Hutchinson Clinic, P.A. and impacted 100,000 individuals when a network server was hacked in Feb. 2023.

Upon learning about suspicious activity related to our computer systems in late December 2022, we took immediate action by securing our network and launching an investigation. At Hutchinson Clinic, patient care is our top priority and throughout this incident and subsequent review processes, we have maintained the high level of clinical excellence our patients and community expect and deserve from us.

We remain committed to fully complying with all state and federal requirements and maintaining timely and transparent communication with our employees, our patients, and the community. We thank the community members of Hutchinson for their grace and the continued opportunity to serve them by putting their health first.

Hutchinson Clinic, P.A. Marketing and Communications Manager Cheryl A. Gonsalves statement

Documented data breaches from Nov. 2022 to present:

Name of EntityIndividuals ImpactedType of BreachDateHutchinson Clinic, P.A. 100,000Hacking/IT Incident02/17/2023Blue Cross and Blue Shield of Kansas1,308Hacking/IT Incident10/14/2022Wichita Urology Group, PA (“WUG”) 1,493Hacking/IT Incident03/08/2023New Medical Healthcare1,557Unauthorized Access/Disclosure03/22/2023McPherson Hospital, Inc.19,020Hacking/IT Incident09/26/2022Medical Surgical Eye Care2,000Hacking/IT Incident03/28/2022Frank Eye Center, P.A.26,333Hacking/IT Incident04/29/2022IMA Financial Group, Inc.2,937Hacking/IT Incident05/10/2023Benefit Management LLC3,356Hacking/IT Incident01/27/2023Family Health Care, Inc33,619Hacking/IT Incident05/24/2022Ad Astra Eye LLC3,684Hacking/IT Incident04/29/2022Great Plains Manufacturing, Inc4,110Hacking/IT Incident12/01/2021ARx Patient Solutions41,166Unauthorized Access/Disclosure06/30/2023Summit Surgical, LLC4,910Hacking/IT Incident12/07/2021Newman Regional Health52,224Hacking/IT Incident04/14/2022Compass Behavioral Health537Hacking/IT Incident02/10/2023Labette Health85,635Hacking/IT Incident03/11/2022Mowery Clinic LLC96,000Hacking/IT Incident11/05/2021