Cyber Incident Victim: Children's Mercy Hospital

Children's Mercy Hospital in Kansas City notified 4,076 individuals of a data breach involving Onsite Health Diagnostics, a vendor contracted by wellness program provider StayWell Health Management. The incident occurred when an Onsite Health Diagnostics system storing personal information was compromised within "the last few months" prior to August 2014. Exposed data included names, addresses, dates of birth, phone numbers, and email addresses of hospital employees and their spouses or domestic partners who participated in a 2012 wellness program. The information resided in a scheduling application used during program registration. StayWell Health Management confirmed the data had been removed from the breached system following discovery.

Children's Mercy Hospital initiated notifications to all affected individuals, with StayWell spokesperson Melissa Gilkerson stating no belief that victims faced identity theft risks due to the non-sensitive nature of the exposed information. The hospital advised impacted parties that no specific actions were necessary. Onsite Health Diagnostics had been implicated in two other recently disclosed breaches at the time, though the article noted no confirmed connection between these incidents. The breach disclosure occurred via public notification and media reports, including an August 18, 2014 article in The Kansas City Star. No forensic findings, attacker details, or containment methodologies beyond data removal were documented in the available report.