Kansas Cyber Attacks

Infrastructure Affected

Public Safety
Government
Medical
Education
 
Back to Archive
Kansas.jpg
 

Public Safety

Attack on Butler County

Breach Type - Ransomware

KNSS
September 12th, 2017
  • County locket out of First Responder 911 system
  • Dispatchers relay info via walkie talkie and notepads
Read More
KWCH
September 18th, 2017
  • No data was stolen
  • Remains unknown if Butler County paid ransom
Read More

 
BACK TO TOP

Local Government

Pittsburg experiences ‘cybersecurity incident’, city investigating, Crawford County

Breach Type – Unknown, Other

News Talk KZRG
September 18th, 2023
  • "Over the weekend, the City of Pittsburg discovered a cybersecurity incident impacting the city’s network. This incident resulted in a temporary IT outage impacting city emails, phones, and online payments."
  • "The City of Pittsburg Incident Response Team immediately took proactive measures to protect city data and network systems. The city is working with forensic experts to fully understand the extent and implications of this incident, and to ensure that the city can operate within a safe and remediated network environment."
  • "Despite this temporary disruption, the city operations and services will continue. Public safety services, including 9-1-1 dispatch, and utility services remain operational.”
Read More

 
Security incident causes disruption for Kansas City municipal courts, Wyandotte County

Breach Type – Hacking, Other

Fox 4 Kansas City
September 12th, 2023
  • "A security incident with an information network causes some shuffling in some Kansas City municipal courts.”
  • "Regional Justice Information Systems stopped all services Tuesday.”
  • “REJIS is an IT firm that operates information systems for some criminal justice agencies in Kansas, Missouri and Illinois.”
  • ”The REJIS shutdown means Kansas City, Kansas, is rescheduling all municipal court dockets for the rest of the week.”
Read More

 
Wyandotte County government hit by cyber attack

Breach Type – Unknown, Malware

Fox 4 Kansas City
April 18th, 2022
  • “The Unified Government of Wyandotte County and Kansas City, Kansas was hit by a cybersecurity attack to its data centers over the Easter holiday weekend.”
  • “An ongoing assessment of the damage is underway. The UG said it is actively working with the U.S. Department of Homeland Security, Federal Bureau of Investigation, and the Mid-America Regional Council cybersecurity task force to determine what data, if any, may have been compromised.”
  • “A spokesperson with the UG said things are still being accessed regarding the attack at this time and more information should be shared Tuesday morning.”
Read More

 
Pottawatomie County pays hackers to restore computer systems after cyber attack

Breach Type – Hacking, Malware

WIBW-TV 13
October 1st, 2021
  • "Officials in Pottawatomie County say computer systems are slowly being restored after a ransom was paid to hackers."
  • "County officials say several of their servers were encrypted during a cyber attack on September 17, 2021."
  • "The amount paid was not disclosed, however, WIBW-TV has filed an open records request to determine the specific amount that Pottawatomie County paid to resolve the ransomware attack."
Read More

 
Sedgwick County Employee Email, Sedgwick County

Breach Type – Phishing, Other

Kansas News
May 7th, 2020
  • Employee was scammed into buying gift cards to be given as gifts to fellow employees
  • County credit was used to buy several fake gift cards along with employee's personal account
  • The scam was soon reported after the discovery of the employee being scammed
Read More

 
City of Seneca, Nemaha County

Breach Type - Hacking, Other

WIBW
December 20th, 2018
  • City of Seneca systems compromised in cyber attack
  • Unknown individuals breached network, suspects attempted to steal substantial funds but failed
  • Customers or vendors, who provided banking information to the City are cautioned that their personal information may have been stolen
Read More

 
City of Topeka, Shawnee County

Breach Type - Other, Data Breach

Hays Post
December 10th, 2018
  • City of Topeka notified by software vendor of potential cyber attack
  • Utility Billing Payment System affected and the city transitioned into a more secure platform as a result
  • The City identified 10,000 customers who could have been impacted by the breach
Read More

 
Dickinson County

Breach Type - Phishing, Other

GovTech
August 31st, 2018
  • Cyber attacks infiltrated county firewalls
  • Anti-virus protection did not prevent the attacks
  • County implemented new software as precaution
Read More

 
Finney County

Breach Type - Phishing, TDoS/DDoS

The Garden City Telegram
July 17th, 2018
  • County network shut down twice
  • Hackers targeted County email's address book
  • Sent malicious emails to all county employees
Read More
KWCH
August 1st, 2018
  • Attack came from malicious email link
  • Finney county shut down twice in one month
  • Malware attack also forced election network to shut down
Read More

 
City of Pittsburg

Breach Type - Phishing

Data Breaches
February 6th, 2018
  • W2 phishing scheme
  • No evidence that employee data was misused
  • City notified local law enforcement, IRS, FBI, & all impacted individuals
Read More

 
Harvey County

Breach Type - Hack

The Kansan
February 6th, 2018
  • Computer network targeted by cyber attack, no data compromised
  • Hindered Harvey's services, county remained open with limited operations
  • County has backup system in place
Read More

 
Butler County Network Department of Commerce

Breach Type - Ransomware

International Business Times
July 21st, 2017
  • Database breached by hackers/li>
  • Exposing more than 5.5 Million Social Security numbers
  • 805,000 who did not provide Social Security numbers, had other personal data exposed
  • Kansas to provide one-year free credit monitoring to 9 of 10 states affected
  • Took two months for Kansas to relay info about the breach to those affected
Read More

 
BACK TO TOP

Medical

Kansas hospital dealing with data breach; 19,000 affected, McPherson County

Breach Type – Hacking, Data Breach

Becker Hospital Review
May 11th, 2023
  • "McPherson (Kan.) Hospital suffered a data breach caused by hacking that compromised the information of 19,020 patients.”
  • “The ransomware was first discovered in July 2022, and McPherson concluded the investigation March 15. The hospital has no evidence of misuse of personal information, according to a May 4 notice of breach with the Maine attorney general.”
  • ”However, the unauthorized party may have had access to the patients' names, Social Security numbers, dates of birth, treatment information, medical billing information and health insurance information.”
Read More

 
Kansas health care company hit by ransomware attack, Montgomery County

Breach Type – Unknown, Ransomware

MSN.com
April 12, 2023
  • "A Kansas health care company was struck by a ransomware attack. Medicalodges, Inc. is now one of two companies successfully targeted by the Karakurt Ransomware Extortion Group..”
  • ”This particular one is pretty ruthless. They are known to be pretty malicious in getting what they want, so they are not to be trifled with,” Bill Ramsey, the CEO of Soteria Technology Solutions, said."
  • “Sources say the notorious group claims it has access to 170 GB worth of Medicalodges, Inc. data, including social security numbers, client NDAs, and medical diagnoses. The group also claims it will release at least 158 GB worth of that data on April 17.”
  • According to a June 2022 FBI dossier on the group: “…some victims reported Karakurt actors did not maintain the confidentiality of victim information after a ransom was paid…”
Read More

 
Newman Regional Health notifies 52,224 patients after long-running breach of employee email accounts , Lyon County

Breach Type – Hacking, Data Breach

Data Breaches
April 15th, 2022
  • "Newman Regional Health (NRH) is notifying more than 52,000 patients after an investigation revealed unauthorized access to a limited number of their employee e-mail accounts between January 26, 2021 and November 23, 2021."
  • "According to the FAQ, the type of information contained in the email accounts varied for each affected individual but may have included: individuals’ names; dates of birth; medical record or other identification numbers; addresses, phone numbers, or e-mail addresses; limited heath, treatment or insurance information; or employee information collected in connection with an individual’s receipt of services from or employment with NRH. A limited group of individuals may have social security number or financial information affected."
  • "We are in the process of notifying affected individuals, including details regarding the information that was involved."
Read More

 
Labette Health discloses October 2021 data security incident, Labette County

Breach Type – Hacking, Data Breach

Data Breaches
March 12th, 2022
  • "Labette Health in Kansas has started notifying employees and patients of a data security incident."
  • "According to a statement on their website, an investigation determined that unauthorized individual(s) potentially accessed and acquired information from portions of their network between October 15, 2021 and October 24, 2021."
  • "Labette Health determined that certain files and folders that may have been accessed or acquired contained identifiable personal and/or protected health information of employees and certain patients who received services from Labette Health, including the individuals’ full name and one or more of the following: Social Security number, medical treatment and diagnosis information, treatment costs, dates of service, prescription information, Medicare or Medicaid number, and/or health insurance information."
  • "Labette Health’s statement indicates that it has no evidence to suggest that any information has been misused, and as of the time of this publication"
Read More

 
Mowery Clinic in Salina announces data breach, Saline County

Breach Type – Unknown, Data Breach

Salina Journal
November 5th, 2021
  • “Mowery Clinic in Salina gave notice of a data breach that happened in September."
  • “ the investigation showed an unauthorized individual had gained access to its network, but did not access the clinic's electronic medical records application. The clinic said the individual did deploy malware and accessed or acquired certain documents in the systems containing current and former patient and employee information."
  • “This information may have included the following: name, address, date of birth, medical information such as office notes and diagnostic notes and, in limited circumstances, a Social Security Number."
  • “We are working diligently to determine how the incident happened and are taking appropriate measures to prevent a similar situation in the future."
Read More

 
Midwest Transplant Network, Johnson County

Breach Type - Unknown, Ransomware

KCUR 89.3
May 3rd, 2021
  • threat actors were able to obtain some personal information about deceased donors and organ recipients, including names, dates of birth, and types of organ donation or transplantation procedures following ransomware attack
  • Cybersecurity company Kroll and FBI are working to resolve the situation
  • Suspicious activity noticed February 11th
Read More

 
Valley Hope Association, Norton County

Breach Type - Phishing, Data Breach

Data Breaches
January 19th, 2019
  • Data breach may have exposed patient’s private information
  • Discovered attack through unusual email activity
  • Hackers exploited an employee’s email account
  • Exposed emails may have sensitive information
Read More

 
Ransom Memorial Hospital, Franklin County

Breach Type - Phishing, Data Breach

KWCH
October 17th, 2018
  • Hospital fell victim to phishing scheme
  • Phishing attack may have exposed 16,366 individuals
  • Private health and financial information potentially at risk
Read More

 
Kansas Heart Hospital

Breach Type - Ransomware

KFDI
May 21st, 2016
  • Malicious email launches malware attack on Kansas Heart Hospital
  • One computer infected with ransomware, no patient data at risk
  • Paid ransom to hackers, but hackers returned demanding more money
  • Hospital now working toward recovering systems without paying
Read More

 
BACK TO TOP

Education

Wichita State restoring systems after cyber attack, Sedgwick County

Breach Type – Unknown, Data Breach

JCPost.com
May 2nd, 2023
  • ”Over the weekend, Wichita State University took proactive measures and disconnected several University systems to isolate an unauthorized attempt by a third party to access the University’s systems, according to a statement of the school's website.”
  • ”Most of the University system access has been restored and there has been no indication that any of the University’s secure data or information has been compromised. The University will continue to engage its security protocols in restoring full availability of all networks and systems, prioritizing student needs.”
  • ”At this time, we anticipate that the University will have restoration of all networks and major systems by Tuesday but are also mindful that these incidents often create residual issues and future interruptions may occur.”
Read More

 
No school Wednesday for Newton Public Schools USD 373 due to ‘network security incident’, Harvey County

Breach Type – Unknown, Data Breach

KSN.com News
March 28th, 2023
  • "There will be no school on Wednesday, March 29, for Newton Public Schools USD 373 due to what the district is saying is a “network security incident.”
  • ”School has since been canceled for Thursday, March 30, as well. USD 373 expects to return Friday, March 31."
  • “According to Newton Public Schools Director of Communication Carly Stavola, the Newton School District detected a network security incident Tuesday that is affecting certain systems within its network environment."
Read More

 
Kansas school district pulls messaging app after data breach, Butler County

Breach Type – Hacking, Data Breach

KWCH
September 14th, 2022
  • "Andover Public Schools said it has pulled the popular messaging app, Seesaw after the app was hacked."
  • "According to the Seesaw website, the app is used by 10 million teachers, students and family members, but the company declined to say how many users were affected by the hack."
  • "The school district said it pulled Seesaw from all student and staff accounts as it works with the company on the issue."
Read More

 
Wichita State University, Sedgwick County

Breach Type – Phishing, Date Breach

Data Breaches
March 16th, 2020
  • Unauthorized third party accessed university server
  • Third party IT firm utilized in investigating the cyberattack
  • Officials confirmed they would re-educate staff on safety
Read More

 
Wichita State University, Sedgwick County

Breach Type - Phishing, Other

Tri-City Herald
January 3rd, 2019
  • Wichita State University employees fell victim to email phishing scheme
  • Hackers achieved university ID numbers & passwords – gaining access to bank account numbers, student records, and other personal information
  • Employee paychecks rerouted to fraudulent bank accounts
  • Officials did not specify potential data breach of student data
  • No evidence has surfaced of employees receiving paycheck reimbursement
Read More

 
Butler Community College

Breach Type - Hack

Hays Post
September 21st, 2017
  • Hack disabled internet connectivity for entire community college
  • IT department suspects problems were result of DDoS attack
  • Butler Community College working to mitigate issue as the school depends on internet for daily tasks
Read More

 
Arkansas City Schools

Breach Type - Phishing

KSN
March 14th, 2017
  • Arkansas City school employees fall victim to spear-phishing scheme
  • Employees mistakenly sent valuable W-2 data to hackers
  • Arkansas City school implementing additional safeguards to prevent future schemes
Read More

 
BACK TO TOP