KANSAS CITY, Mo. — As the metro continues to face the threat of data breaches at hospitals and medical clinics, Children’s Mercy Hospital now faces a lawsuit for a breach that occurred months ago.
Information, from names and medical record numbers to dates of hospital stays, may have been compromised for more than 60,000 people.
In a letter sent to patients impacted by the breach, the hospital said several employees fell victim to an email phishing scam last winter.
Susan Robinson, whose daughter received care at the facility, received a letter in May about the breach.
“It’s kind of alarming,” she said. “Our information is out there. We don’t know who has it. We don’t know what it’s being used for.”
The case with Children’s Mercy Hospital helped shine a light on data breaches at medical facilities across the country.
According to the United States Department of Health and Human Services, Missouri had 19 open investigations of data breaches at hospitals and clinics as of July 16.
A full list of the investigations can be found here.
The lawsuit against Children’s Mercy was filed by the McShane & Brady law firm last week and awaits further developments in court.
Moving forward, Robinson said she would pay close attention to her daughter’s records.
“We’ll just keep an eye and see if we come across anything that’s weird or coming to our house with names and addresses,” she said.
Aside from sending letters to people possibly impacted by the breach, Children’s Mercy Hospital automatically enrolled the patients in an identity theft protection program free of charge.
To help people navigate through what to do if they are a victim of medical identity theft, visit the Federal Trade Commission’s website.