Kansas County Says Ransomware Attack Exposed Personal Information

A Kansas county said it found unauthorized access and acquisition of personal information maintained by the county, including protected health information related to individuals who received services.

Franklin County, located southeast of Kansas City, shared in a Sept. 20 update that the county discovered and responded to a ransomware attack on its computer network. The county said it immediately began working with a nationally recognized digital forensics team to secure its network and investigate what happened. The county additionally alerted and cooperated with federal law enforcement.

Through its investigation, the county learned that on May 19, 2024 the cyber criminals responsible for the attack took some data from the County’s network. Once county officials discovered this, they began a thorough review of the data to determine what information may have been involved, who may have been affected, and where those people live so that they could provide notice.

The county determined that the data contained the following types of information: name, address, Social Security number, driver’s license number, financial account numbers, date of birth, information related to medical conditions, treatment or diagnosis, medications, name(s) of healthcare provider(s), information regarding services provided to residents by the County, such as locations of service, dates of service, medical record number, vaccination information, COVID related information, insurance identification number, and/or insurance or billing information.

Franklin County said it Is continuously working to identify and mitigate threats and evaluate its IT security protocols to protect sensitive data.

The county recommends that residents remain vigilant for incidents of fraud and identity theft and report any incidents of suspected identity theft to local law enforcement.

Topics Cyber Kansas

Was this article valuable?