Shamis & Gentile P.A., one of the nation's premier class action law firms specializing in data breach cases, is investigating the North Kansas City Hospital DBA NKC Health data breach.
If you were affected by the data breach, your sensitive personally identifiable information may have been exposed, and you may be eligible for compensation.
About North Kansas City Hospital DBA NKC Health
North Kansas City Hospital, operating as NKC Health, is a major healthcare system serving the Kansas City region. The organization has recently undergone a significant transformation, combining North Kansas City Hospital and Meritas Health to form the unified NKC Health brand.
NKC Health offers a wide range of inpatient and outpatient services, including a Level III neonatal intensive care unit, cardiovascular and orthopedic programs, cancer care, and hospice services. The health system is known for its use of advanced technology, such as robotic surgery and specialized diagnostic tools.
What's Happening?
NKC Health recently announced a data breach involving its electronic medical record vendor, Cerner. According to the hospital, an unauthorized third party gained access to data maintained by Cerner. The investigation revealed that this access began as early as Jan. 22, 2025.
Law enforcement required Cerner to delay notifying patients and hospital customers to avoid interfering with their investigation. NKC Health has stated that their own systems were not directly accessed, but patient
Source: https://www.claimdepot.com/investigations/nkc-health-data-breach-2025
VNA An Affiliate of Midland Care Connection cybersecurity rating report: https://www.rankiteo.com/company/vnahomehealthhospice
"id": "VNA1764694286",
"linkid": "vnahomehealthhospice",
"type": "Breach",
"date": "1/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Patients and '
'hospital customers',
'industry': 'Healthcare',
'location': 'Kansas City, Missouri, USA',
'name': 'North Kansas City Hospital DBA '
'NKC Health',
'size': None,
'type': 'Healthcare System'}],
'attack_vector': 'Third-party vendor compromise',
'customer_advisories': 'Delayed notification to patients and '
'hospital customers due to law '
'enforcement requirements',
'data_breach': {'data_encryption': None,
'data_exfiltration': None,
'file_types_exposed': None,
'number_of_records_exposed': None,
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Personally '
'identifiable '
'information'},
'date_detected': '2025-01-22',
'description': 'NKC Health announced a data breach involving its '
'electronic medical record vendor, Cerner. An '
'unauthorized third party gained access to data '
'maintained by Cerner, with access beginning as '
'early as January 22, 2025. The breach exposed '
'sensitive personally identifiable information of '
'patients and hospital customers.',
'impact': {'brand_reputation_impact': None,
'conversion_rate_impact': None,
'customer_complaints': None,
'data_compromised': 'Sensitive personally '
'identifiable information',
'downtime': None,
'financial_loss': None,
'identity_theft_risk': 'High',
'legal_liabilities': None,
'operational_impact': None,
'payment_information_risk': None,
'revenue_loss': None,
'systems_affected': "Cerner's electronic medical "
'record system'},
'initial_access_broker': {'backdoors_established': None,
'data_sold_on_dark_web': None,
'entry_point': None,
'high_value_targets': None,
'reconnaissance_period': None},
'investigation_status': 'Ongoing',
'post_incident_analysis': {'corrective_actions': None,
'root_causes': None},
'ransomware': {'data_encryption': None,
'data_exfiltration': None,
'ransom_demanded': None,
'ransom_paid': None,
'ransomware_strain': None},
'references': [{'date_accessed': None,
'source': 'Shamis & Gentile P.A.',
'url': None}],
'regulatory_compliance': {'fines_imposed': None,
'legal_actions': None,
'regulations_violated': None,
'regulatory_notifications': None},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': 'Delayed notification due '
'to law enforcement '
'requirements',
'containment_measures': None,
'enhanced_monitoring': None,
'incident_response_plan_activated': None,
'law_enforcement_notified': 'Yes',
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': None,
'remediation_measures': None,
'third_party_assistance': None},
'title': 'North Kansas City Hospital DBA NKC Health Data Breach',
'type': 'Data Breach'}