North Kansas City Hospital, operating as NKC Health, has announced a significant data breach involving patient information stored by its electronic medical record vendor, Cerner. According to a detailed notice posted by NKC Health, an unauthorized third party gained access to Cerner’s systems as early as Jan. 22, 2025, and obtained data belonging to NKC Health patients.
The breach exposed a range of sensitive information. The data potentially accessed includes personally identifiable information (PII) such as names and dates of birth, as well as protected health information (PHI) including Cerner patient identifiers, medical record numbers, doctors, diagnoses, medicines, test results, images and details of care and treatment.
The full scope of affected individuals has not been specified, but the breach is considered serious due to the nature of the information involved. NKC Health has begun notifying affecting individuals.
NKC Health's response
Upon learning of the incident, NKC Health immediately began requesting information from Cerner regarding the breach. Cerner responded by initiating its critical incident response process, securing the affected systems and engaging external cybersecurity specialists to investigate the breach. Cerner also worked closely with federal law enforcement throughout the process.
If you receive notification from NKC Health or your provider about this breach, you may want to:
Sign up for the free identity theft protection services, if off
Source: https://www.claimdepot.com/data-breach/nkc-health-2025
NKC Health cybersecurity rating report: https://www.rankiteo.com/company/nkc-health
"id": "NKC1764693080",
"linkid": "nkc-health",
"type": "Breach",
"date": "1/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': None,
'industry': 'Healthcare',
'location': 'North Kansas City, Missouri, '
'USA',
'name': 'North Kansas City Hospital (NKC '
'Health)',
'size': None,
'type': 'Healthcare Provider'}],
'attack_vector': 'Unauthorized third-party access',
'customer_advisories': 'Notifying affected individuals about the '
'breach and potential identity theft '
'risks',
'data_breach': {'data_encryption': None,
'data_exfiltration': None,
'file_types_exposed': None,
'number_of_records_exposed': None,
'personally_identifiable_information': ['Names',
'Dates '
'of '
'birth',
'Medical '
'record '
'numbers',
'Doctors',
'Diagnoses',
'Medicines',
'Test '
'results',
'Images',
'Details '
'of care '
'and '
'treatment'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally '
'identifiable '
'information (PII)',
'Protected health '
'information '
'(PHI)']},
'date_detected': '2025-01-22',
'description': 'North Kansas City Hospital (NKC Health) '
'announced a significant data breach involving '
'patient information stored by its electronic '
'medical record vendor, Cerner. An unauthorized '
'third party gained access to Cerner’s systems '
'and obtained data belonging to NKC Health '
'patients, including personally identifiable '
'information (PII) and protected health '
'information (PHI).',
'impact': {'brand_reputation_impact': None,
'conversion_rate_impact': None,
'customer_complaints': None,
'data_compromised': 'Personally identifiable '
'information (PII) and protected '
'health information (PHI)',
'downtime': None,
'financial_loss': None,
'identity_theft_risk': 'High',
'legal_liabilities': None,
'operational_impact': None,
'payment_information_risk': None,
'revenue_loss': None,
'systems_affected': 'Cerner’s electronic medical '
'record systems'},
'initial_access_broker': {'backdoors_established': None,
'data_sold_on_dark_web': None,
'entry_point': None,
'high_value_targets': None,
'reconnaissance_period': None},
'investigation_status': 'Ongoing',
'post_incident_analysis': {'corrective_actions': None,
'root_causes': None},
'ransomware': {'data_encryption': None,
'data_exfiltration': None,
'ransom_demanded': None,
'ransom_paid': None,
'ransomware_strain': None},
'recommendations': 'Sign up for free identity theft protection '
'services if offered',
'references': [{'date_accessed': None,
'source': 'NKC Health Notice',
'url': None}],
'regulatory_compliance': {'fines_imposed': None,
'legal_actions': None,
'regulations_violated': ['HIPAA'],
'regulatory_notifications': None},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': 'Notifying affected '
'individuals',
'containment_measures': 'Securing affected systems',
'enhanced_monitoring': None,
'incident_response_plan_activated': 'Yes',
'law_enforcement_notified': 'Federal law '
'enforcement',
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': None,
'remediation_measures': None,
'third_party_assistance': 'External cybersecurity '
'specialists'},
'title': 'North Kansas City Hospital Data Breach via Cerner '
'Systems',
'type': 'Data Breach'}