International Circuit
Over 4.8L US citizens affected by medical data breaches
Eighteen medical data breaches have affected more than 480,000 Kansans since Nov. 5, 2021, according to the U.S. Department of Health and Human Services (DHHS).
Under section 13402(e)(4) of the HITECH Act, the DHHS Office for Civil Rights keeps a list of data breaches of protected health information that have affected 500 people or more, according to the DHHS website.
Medical data has been breached 16 times by hackers and two entities have had data breached through unauthorized access or disclosure. The data breach locations were attributed to email, network servers or electronic medical records, according to DHHS data.
Of the data collected by DHHS, healthcare providers, business associates and health plan providers were affected by the breaches, according to DHHS data.
The largest single data breach was with Hutchinson Clinic, P.A. and impacted 100,000 individuals when a network server was hacked in Feb. 2023.
Upon learning about suspicious activity related to our computer systems in late December 2022, we took immediate action by securing our network and launching an investigation. At Hutchinson Clinic, patient care is our top priority and throughout this incident and subsequent review processes, we have maintained the high level of clinical excellence our patients and community expect and deserve from us.
“We remain committed to fully complying with all state and federal requirements and maintaining timely and transparent communication with our employees, our patients, and the community. We thank the community members of Hutchinson for their grace and the continued opportunity to serve them by putting their health first.” – Hutchinson Clinic, P.A. Marketing and Communications Manager Cheryl A. Gonsalves statement.
Documented data breaches from Nov. 2021 to present:
| Name of Entity | Individuals Impacted | Type of Breach | Date |
| Hutchinson Clinic, P.A. | 100,000 | Hacking/IT Incident | 02/17/2023 |
| Blue Cross and Blue Shield of Kansas | 1,308 | Hacking/IT Incident | 10/14/2022 |
| Wichita Urology Group, PA (“WUG”) | 1,493 | Hacking/IT Incident | 03/08/2023 |
| New Medical Healthcare | 1,557 | Unauthorized Access/Disclosure | 03/22/2023 |
| McPherson Hospital, Inc. | 19,020 | Hacking/IT Incident | 09/26/2022 |
| Medical Surgical Eye Care | 2,000 | Hacking/IT Incident | 03/28/2022 |
| Frank Eye Center, P.A. | 26,333 | Hacking/IT Incident | 04/29/2022 |
| IMA Financial Group, Inc. | 2,937 | Hacking/IT Incident | 05/10/2023 |
| Benefit Management LLC | 3,356 | Hacking/IT Incident | 01/27/2023 |
| Family Health Care, Inc | 33,619 | Hacking/IT Incident | 05/24/2022 |
| Ad Astra Eye LLC | 3,684 | Hacking/IT Incident | 04/29/2022 |
| Great Plains Manufacturing, Inc | 4,110 | Hacking/IT Incident | 12/01/2021 |
| ARx Patient Solutions | 41,166 | Unauthorized Access/Disclosure | 06/30/2023 |
| Summit Surgical, LLC | 4,910 | Hacking/IT Incident | 12/07/2021 |
| Newman Regional Health | 52,224 | Hacking/IT Incident | 04/14/2022 |
| Compass Behavioral Health | 537 | Hacking/IT Incident | 02/10/2023 |
| Labette Health | 85,635 | Hacking/IT Incident | 03/11/2022 |
| Mowery Clinic LLC | 96,000 | Hacking/IT Incident | 11/05/2021 |
KSNT.com
