Notice of Security Incident

Psychiatry Associates of Kansas City (PAKC) is committed to providing high-quality care to all of our patients, including maintaining the privacy and security of our patients’ information. We were recently affected by a security incident that involved some information maintained by PAKC. The notice below provides further information regarding this incident and the actions that we have taken in response.

What Happened: On September 19, 2023, PAKC discovered a data security incident affecting its information systems. This security incident involved malicious software. The malicious software permitted an unauthorized intruder access to a file server. The file server contained certain information with respect to some PAKC patients. Upon learning of the security incident, PAKC shut down the affected systems, engaged forensic experts to investigate, and began restoring the affected systems. The incident was reported to the FBI. PAKC has implemented security enhancements to prevent security incidents in the future.

What Information was Involved: The office file servers contained documents with certain information regarding some PAKC patients. The information includes patient name, appointment date/ time, visit type, medical record number, diagnostic codes, and treatment codes. The documents may also include the name of the patient’s health insurance company.

The file servers did not contain any patient Social Security numbers, credit card numbers, or other financial information. PAKC medical records are stored offsite and were not affected in this incident.

What PAKC is Doing in Response: Upon learning of the security incident, PAKC immediately shut down the affected systems, engaged forensic experts to investigate, and began restoring the affected systems. The incident was reported to the Federal Bureau of Investigations. PAKC reset onsite and cloud application passwords for all members of its workforce; enforced multifactor authentication for all users (both remote and onsite); implemented additional technical controls to protect its network and systems; and is retraining the workforce in privacy and security including phishing and ransomware. Other evaluations, improvements, and monitoring of security controls are ongoing.

While PAKC is unaware of any misuse of the involved information at this time, complimentary identity monitoring services are being offered to the affected patients.

Additionally, PAKC has established a toll-free call center (Kroll) where individuals may contact with questions about this incident. Please call Kroll at 866-983-6855 if you have questions.

PAKC is committed to the security of its patient information. We are continually enhancing the security of our electronic systems and the patient data we maintain to help prevent events such as this from occurring in the future. We deeply regret any concern this incident may have caused and want to assure you that we are committed to the security of our systems as we continue to provide the high-quality care that our patients and families have come to expect from PAKC.

Sincerely,

PAKC Physicians