Kansas
Table of Contents
- Identity Theft Statistics
- Top Ten Report Categories
- Top Identity Theft Types
- Fraud & Other Reports by Metropolitan Area
- Kansas’s Recent Biggest Data Breaches
- What Should You Do if You Are in a Breach?
- Step-by-Step Process for Responding to a Data Breach
- Responsibilities of Companies that Have Been Breached
- Laws
- Resources
Data breaches occur when an unauthorized party accesses sensitive or personal data. Individuals or entities that license or handle these information types typically have high-security measures to stop cybercriminals from accessing and stealing data. Unfortunately, breaches occur via email hacking, malware, denial of service, phishing, and identity theft. Kansas ranks average when it comes to the number of victims annually at 37th, though the losses amounted to $94,158,337 in 2023. Most of these breaches have occurred in healthcare and educational facilities rather than small or medium-sized enterprises.
Identity Theft Statistics
Reports
Reports
Losses
Top Ten Report Categories
Top Identity Theft Types
Kansas's Recent Biggest Data Breaches
Psychiatry Associates Of Kansas City Data Breach
In September 2023, the Psychiatric Associates of Kansas City discovered a breach that targeted its information systems via malware. This software allowed an unauthorized party to access their patient information servers. When they discovered the breach, PAKC moved to immediately shut down the affected systems and engaged the assistance of external forensic experts. They also notified federal authorities concerning the breach. Some of the information involved, courtesy of the breach, included patient records, treatment codes, and medical record numbers. PAKC claimed the servers did not have Social Security numbers or other financial data. Though the organization is unaware of any misuse of the exposed information, they offered complimentary identity monitoring to everyone affected. This incident impacted 18,255 patients.
North Kansas City Hospital Data Breach
In July 2023, Perry Johnson & Associates, which functions as a vendor for the North Kansas City Hospital, discovered an unauthorized party had breached it. The vendor immediately began an investigation to assess the nature of the data breach incident with the assistance of third-party cybersecurity specialists. Perry Johnson also reviewed the data that was at risk. It determined that patients' names, birth dates, phone numbers, health insurance, and clinical details were exposed during the incident. Social Security data remained intact, though. Both PJ&A and the North Kansas City Hospital took steps to bring additional safety measures to their systems. The hospital also mailed letters to the potentially affected personnel.
Wichita Urology Group Data Breach
In January 2023, the Wichita Urology Group discovered some suspicious activity happening within its network. The group promptly started an investigation and engaged the assistance of an external cybersecurity firm to investigate the problem. From the investigation, it became apparent that an unauthorized third party had accessed their files. Some of the information exposed included name, billing details, insurance policies, Social Security numbers, and prescriptions. It notified the 1,500 affected individuals, though it is unaware of any identity theft that occurred because of the event. Wichita Urology Group offered identity protection and credit monitoring to those who were involved.
Hutchinson Clinic, P.A Data Breach
In December 2022, Hutchinson Clinic became aware of unauthorized access to its network. They immediately began investigating and found that the unwanted party could acquire and take certain information stored within their network. Information including names, medical procedures, providers, treatment information, and patient account numbers may have been accessed. This breach reportedly affected an estimated 100,000. Hutchinson Clinic also posted a notice of the breach on its website. They also sent notification letters to all whose information may have been compromised.
Newman Regional Health Data Breach
Newman Regional Health provided a data breach notice of an incident between January and November 2021. Upon discovering the breach, the company immediately secured the accounts and launched an investigation to ascertain the nature of the breach. Following a review of the exposure incident, it determined people's names, birth dates, medical records, addresses, phone numbers, email addresses, health insurance, and employee data. Fifty-two thousand two hundred twenty-four people were affected by the breach. A limited group may also have had their Social Security or financial details accessed. The company did not indicate any specific measures taken to prevent a similar occurrence in the future.
What Should You Do if You Are in a Breach?
Unfortunately, data breaches are pretty common now, considering our online connections and dependence on digital service delivery. Criminals work in the shadows to steal your personal information, so sometimes, it's only when you notice certain signs that ongoing fraud becomes apparent. These danger signs apply to both individuals and businesses.
Unfamiliar
Credit Card Charges
If you find unauthorized transactions on your credit card, there is a significant possibility your phone number, email address, or card number has been compromised.
Calls from
Debt Collectors
Phone calls or letters from collection agencies seeking debt payment for a loan you do not remember taking are also signs of identity theft.
New Credit Cards
or Loans in Your Name
A new line of credit in your name or a loan taken is a warning sign you are a victim of identity theft.
Surprise Credit
Score Drops
Sudden credit drops with no obvious cause are a sign of suspicious activities.
Unusual Activity on Your
Social Security Account
The federal government also considers social security numbers personal identifiers, so check your social security statement regularly to ensure no one has access to benefits without consent.
Inability to
Sign-in to Accounts
If you are locked out of the account, it is usually because someone has hacked into it and changed the password. You should immediately try all possible recovery options and contact customer support if all fails.
Step-by-Step Process for Responding to a Data Breach
Contact Local Law Enforcement
As an individual or a business, report the incident to the police and file a police report.
Assess and Secure Compromised Areas
Identify which aspects of your information have been affected, such as emails, passwords, credit card numbers, social security numbers, full names, and phone numbers.
Contain the Breach
Isolate the affected system to prevent further damage.
Create New, Strong Passwords for All Accounts
This may involve changing usernames and passwords for compromised platforms, using strong passwords with a mix of upper and lower-case letters, digits, and special characters.
Notify Affected Institutions
Inform your bank, credit card companies, and other affected institutions. Request they close or freeze any accounts that may be implicated in the breach to reduce financial risk.
Update Security on Digital Accounts
Change passwords for all accounts affected by the breach. Make sure each password is totally unique, and you use two-factor verification as an additional layer of security.
Check for Malware
Examine your computers and mobile devices for installed malware. Install robust antivirus software to detect and remove any viruses or malicious software.
Freeze Your Credit
In cases of identity theft, contact all credit bureaus to freeze your credit.
Monitor Your Mail and Credit Reports
Keep an eye out for any unauthorized changes in your mail.
Engage Legal Assistance When Applicable
If you are a business, consider hiring a law firm experienced in handling data breaches.
Responsibilities of Companies that Have Been Breached
All businesses or organizations that license and handle information must notify consumers whose data has been compromised following a system breach. A notification should be given within the most suitable time possible. That is provided it does not interfere with an ongoing law enforcement investigation. If so, an exception might be made. The Kansas data breach notification regulation considers personal information as first names or initial and last names in combination with driver's licenses, Social Security, or financial account numbers.
Businesses have to provide communication to residents by written or email notice. If notifying the affected individuals will cost more than $100,000 or more than 5,000 are directly affected, then the entity may do a substitute notice. A substitute notice is also implemented when the business does not have enough contact information on the affected. This can be done by reporting to the statewide media outlets and conspicuously posting the notice on the entity's website. Breaches involving more than 1,000 individuals in Texas must be relayed to the nation's consumer reporting agencies.
Businesses that have their notification protocols and whose processes are consistent with Kansas's timing requirements comply with the state's notice regulations. That said, the attorney general in Kansas is allowed by law to seek remedies on behalf of victims of entities that fail to comply with the set policies.
Laws
- 2014 Kansas article 7a on Protection of Consumer information indicates that a person conducting business in the state that owns or licenses computerized data with personal information, if they become aware of a breach, act in good faith to investigate and notify all affected expediently.
- The Kansas No-Call Act (Kan. Stat. §50-670) allows residents to register their telephone and cell phone numbers to ensure they do not get unsolicited telemarketing sales calls.
- The Kansas Consumer Protection Act (KCPA) protects all clients from suppliers who commit deceptive practices and from un-bargained warranty disclaimers.