Kansas

Data breaches occur when an unauthorized party accesses sensitive or personal data. Individuals or entities that license or handle these information types typically have high-security measures to stop cybercriminals from accessing and stealing data. Unfortunately, breaches occur via email hacking, malware, denial of service, phishing, and identity theft. Kansas ranks average when it comes to the number of victims annually at 37th, though the losses amounted to $94,158,337 in 2023. Most of these breaches have occurred in healthcare and educational facilities rather than small or medium-sized enterprises.

Identity Theft Statistics

Identity Theft
Reports
39RD
State Rank (Reports per 100K Population)
2,273
Identity Theft Reports
Fraud & Other
Reports
32ND
State Rank (Reports per 100K Population)
15,852
Total Fraud & Other Reports
Fraud
Losses
$10M
Total Fraud Losses
$300
Median Fraud Losses

Top Ten Report Categories

Imposter Scams
24%
Identity Theft
13%
Telephone and Mobile Services
7%
Prizes, Sweepstakes and Lotteries
7%
Online Shopping and Negative Reviews
6%
Debt Collection
5%
Banks and Lenders
4%
Credit Bureaus, Iformation Furnishers and Report Users
4%
Auto Related
3%
Internet Services
3%

Top Identity Theft Types

26%
1,663
Credit Card Fraud
24%
1,580
Bank Fraud
15%
962
Other Identity Theft
14%
897
Government Documents or Benefits Fraud
9%
603
Employment or Tax-Related Fraud
9%
554
Loan or Lease Fraud
4%
252
Phone or Utilities Fraud

Kansas's Recent Biggest Data Breaches

2023
September

Psychiatry Associates Of Kansas City Data Breach

In September 2023, the Psychiatric Associates of Kansas City discovered a breach that targeted its information systems via malware. This software allowed an unauthorized party to access their patient information servers. When they discovered the breach, PAKC moved to immediately shut down the affected systems and engaged the assistance of external forensic experts. They also notified federal authorities concerning the breach. Some of the information involved, courtesy of the breach, included patient records, treatment codes, and medical record numbers. PAKC claimed the servers did not have Social Security numbers or other financial data. Though the organization is unaware of any misuse of the exposed information, they offered complimentary identity monitoring to everyone affected. This incident impacted 18,255 patients.

2023
July

North Kansas City Hospital Data Breach

In July 2023, Perry Johnson & Associates, which functions as a vendor for the North Kansas City Hospital, discovered an unauthorized party had breached it. The vendor immediately began an investigation to assess the nature of the data breach incident with the assistance of third-party cybersecurity specialists. Perry Johnson also reviewed the data that was at risk. It determined that patients' names, birth dates, phone numbers, health insurance, and clinical details were exposed during the incident. Social Security data remained intact, though. Both PJ&A and the North Kansas City Hospital took steps to bring additional safety measures to their systems. The hospital also mailed letters to the potentially affected personnel.

2023
January

Wichita Urology Group Data Breach

In January 2023, the Wichita Urology Group discovered some suspicious activity happening within its network. The group promptly started an investigation and engaged the assistance of an external cybersecurity firm to investigate the problem. From the investigation, it became apparent that an unauthorized third party had accessed their files. Some of the information exposed included name, billing details, insurance policies, Social Security numbers, and prescriptions. It notified the 1,500 affected individuals, though it is unaware of any identity theft that occurred because of the event. Wichita Urology Group offered identity protection and credit monitoring to those who were involved.

2022
December

Hutchinson Clinic, P.A Data Breach

In December 2022, Hutchinson Clinic became aware of unauthorized access to its network. They immediately began investigating and found that the unwanted party could acquire and take certain information stored within their network. Information including names, medical procedures, providers, treatment information, and patient account numbers may have been accessed. This breach reportedly affected an estimated 100,000. Hutchinson Clinic also posted a notice of the breach on its website. They also sent notification letters to all whose information may have been compromised.

2021
January

Newman Regional Health Data Breach

Newman Regional Health provided a data breach notice of an incident between January and November 2021. Upon discovering the breach, the company immediately secured the accounts and launched an investigation to ascertain the nature of the breach. Following a review of the exposure incident, it determined people's names, birth dates, medical records, addresses, phone numbers, email addresses, health insurance, and employee data. Fifty-two thousand two hundred twenty-four people were affected by the breach. A limited group may also have had their Social Security or financial details accessed. The company did not indicate any specific measures taken to prevent a similar occurrence in the future.

What Should You Do if You Are in a Breach?

Unfortunately, data breaches are pretty common now, considering our online connections and dependence on digital service delivery. Criminals work in the shadows to steal your personal information, so sometimes, it's only when you notice certain signs that ongoing fraud becomes apparent. These danger signs apply to both individuals and businesses.

Unfamiliar
Credit Card Charges

If you find unauthorized transactions on your credit card, there is a significant possibility your phone number, email address, or card number has been compromised.

Calls from
Debt Collectors

Phone calls or letters from collection agencies seeking debt payment for a loan you do not remember taking are also signs of identity theft.

New Credit Cards
or Loans in Your Name

A new line of credit in your name or a loan taken is a warning sign you are a victim of identity theft.

Surprise Credit
Score Drops

Sudden credit drops with no obvious cause are a sign of suspicious activities.

Unusual Activity on Your
Social Security Account

The federal government also considers social security numbers personal identifiers, so check your social security statement regularly to ensure no one has access to benefits without consent.

Inability to
Sign-in to Accounts

If you are locked out of the account, it is usually because someone has hacked into it and changed the password. You should immediately try all possible recovery options and contact customer support if all fails.

Step-by-Step Process for Responding to a Data Breach

01

Contact Local Law Enforcement

As an individual or a business, report the incident to the police and file a police report.

02

Assess and Secure Compromised Areas

Identify which aspects of your information have been affected, such as emails, passwords, credit card numbers, social security numbers, full names, and phone numbers.

03

Contain the Breach

Isolate the affected system to prevent further damage.

04

Create New, Strong Passwords for All Accounts

This may involve changing usernames and passwords for compromised platforms, using strong passwords with a mix of upper and lower-case letters, digits, and special characters.

05

Notify Affected Institutions

Inform your bank, credit card companies, and other affected institutions. Request they close or freeze any accounts that may be implicated in the breach to reduce financial risk.

06

Update Security on Digital Accounts

Change passwords for all accounts affected by the breach. Make sure each password is totally unique, and you use two-factor verification as an additional layer of security.

07

Check for Malware

Examine your computers and mobile devices for installed malware. Install robust antivirus software to detect and remove any viruses or malicious software.

08

Freeze Your Credit

In cases of identity theft, contact all credit bureaus to freeze your credit.

09

Monitor Your Mail and Credit Reports

Keep an eye out for any unauthorized changes in your mail.

10

Engage Legal Assistance When Applicable

If you are a business, consider hiring a law firm experienced in handling data breaches.

Responsibilities of Companies that Have Been Breached

All businesses or organizations that license and handle information must notify consumers whose data has been compromised following a system breach. A notification should be given within the most suitable time possible. That is provided it does not interfere with an ongoing law enforcement investigation. If so, an exception might be made. The Kansas data breach notification regulation considers personal information as first names or initial and last names in combination with driver's licenses, Social Security, or financial account numbers.

Businesses have to provide communication to residents by written or email notice. If notifying the affected individuals will cost more than $100,000 or more than 5,000 are directly affected, then the entity may do a substitute notice. A substitute notice is also implemented when the business does not have enough contact information on the affected. This can be done by reporting to the statewide media outlets and conspicuously posting the notice on the entity's website. Breaches involving more than 1,000 individuals in Texas must be relayed to the nation's consumer reporting agencies.

Businesses that have their notification protocols and whose processes are consistent with Kansas's timing requirements comply with the state's notice regulations. That said, the attorney general in Kansas is allowed by law to seek remedies on behalf of victims of entities that fail to comply with the set policies.

Laws

Resources