Wyandot Center, a nonprofit mental health care provider based in Kansas City, Kan., recently experienced a significant data breach that may have affected individuals who have used its services. The incident involved unauthorized access to portions of the organization’s network over a two-day period, potentially exposing sensitive personally identifiable information (PII) and personal health information (PHI).
Details of the data breach
On Nov. 19, 2025, Wyandot Center disclosed that it had discovered unusual activity within its systems. After engaging third-party cybersecurity specialists to investigate, it was determined that unauthorized access occurred between Sept. 21 and Sept. 22, 2025. The breach may have resulted in the unauthorized access or acquisition of information belonging to individuals who received services from the organization.
Compromised data may include first and last name, address, date of birth, Social Security number, patient ID, medical record number, health insurance information, service date, diagnosis or condition information, provider name, prescription information and medical history information.
Wyandot Center completed a thorough review of the affected data by Nov. 5, 2025, and began notifying individuals whose information may have been involved. The organization has not specified the exact number of people affected, but the range of data exposed indicates the breach could have serious consequences for those impacted.
The company posted a n
Source: https://www.claimdepot.com/data-breach/wyandot-center-2025
Wyandot Behavioral Health Network cybersecurity rating report: https://www.rankiteo.com/company/wyandotbhn
"id": "WYA1764634700",
"linkid": "wyandotbhn",
"type": "Breach",
"date": "9/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': None,
'industry': 'Healthcare (Mental Health '
'Services)',
'location': 'Kansas City, Kan.',
'name': 'Wyandot Center',
'size': None,
'type': 'Nonprofit'}],
'customer_advisories': 'Notifications sent to affected '
'individuals',
'data_breach': {'data_encryption': None,
'data_exfiltration': 'Potential unauthorized '
'access or acquisition',
'file_types_exposed': None,
'number_of_records_exposed': None,
'personally_identifiable_information': True,
'sensitivity_of_data': 'High (includes SSNs, '
'medical records, and '
'health insurance '
'details)',
'type_of_data_compromised': ['Personally '
'Identifiable '
'Information (PII)',
'Protected Health '
'Information '
'(PHI)']},
'date_detected': '2025-11-19',
'date_publicly_disclosed': '2025-11-19',
'description': 'Wyandot Center, a nonprofit mental health care '
'provider based in Kansas City, Kan., experienced '
'a data breach involving unauthorized access to '
'its network over a two-day period. The breach '
'potentially exposed sensitive personally '
'identifiable information (PII) and personal '
'health information (PHI) of individuals who used '
'its services.',
'impact': {'brand_reputation_impact': 'Potentially serious due '
'to exposure of sensitive '
'health and personal data',
'conversion_rate_impact': None,
'customer_complaints': None,
'data_compromised': ['First and last name',
'Address',
'Date of birth',
'Social Security number',
'Patient ID',
'Medical record number',
'Health insurance information',
'Service date',
'Diagnosis or condition '
'information',
'Provider name',
'Prescription information',
'Medical history information'],
'downtime': None,
'financial_loss': None,
'identity_theft_risk': 'High (due to exposure of SSNs '
'and PII)',
'legal_liabilities': None,
'operational_impact': None,
'payment_information_risk': None,
'revenue_loss': None,
'systems_affected': None},
'initial_access_broker': {'backdoors_established': None,
'data_sold_on_dark_web': None,
'entry_point': None,
'high_value_targets': None,
'reconnaissance_period': None},
'investigation_status': 'Completed review of affected data by '
'2025-11-05; ongoing notifications',
'post_incident_analysis': {'corrective_actions': None,
'root_causes': None},
'ransomware': {'data_encryption': None,
'data_exfiltration': None,
'ransom_demanded': None,
'ransom_paid': None,
'ransomware_strain': None},
'regulatory_compliance': {'fines_imposed': None,
'legal_actions': None,
'regulations_violated': None,
'regulatory_notifications': None},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': 'Began notifying affected '
'individuals by '
'2025-11-05',
'containment_measures': None,
'enhanced_monitoring': None,
'incident_response_plan_activated': True,
'law_enforcement_notified': None,
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': None,
'remediation_measures': None,
'third_party_assistance': 'Engaged third-party '
'cybersecurity '
'specialists for '
'investigation'},
'title': 'Data Breach at Wyandot Center Exposes Sensitive PII '
'and PHI',
'type': 'Data Breach'}