Kansas City Behavioral Health Center Discloses September 2025 Data Breach
On November 19, 2025, Wyandot Center, a nonprofit community behavioral health center in Kansas City, KS, disclosed a cybersecurity incident that was first detected on or around September 22, 2025. Third-party cybersecurity experts were called in to investigate suspicious network activity and confirmed unauthorized access to its network between September 21 and September 22, 2025. During that time, files containing patients’ protected health information were exposed and may have been accessed or acquired.
Over the following six weeks, the exposed files were reviewed. On November 5, 2025, Wyandot Center confirmed that the exposed data included names in combination with one or more of the following: address, date of birth, Social Security number, patient ID, medical record number, health insurance information, service date, diagnosis/condition information, provider name, prescription information, and/or medical history information.
Additional security measures have been implemented, and data security policies and procedures are being reviewed. The affected individuals have been offered complimentary credit monitoring and identity theft protection services. The HHS’ Office for Civil Rights website indicates 27,174 individuals were affected.
ChristianaCare Affected by Cerner/Oracle Health Data Breach
ChristianaCare, the operator of three hospitals and multiple outpatient facilities in northern Delaware, has recently learned that patient data was compromised in a security breach at its electronic medical record vendor, Oracle Health (Formerly Cerner). A hacker gained access to legacy Cerner servers as early as January 22, 2025, and copied data from medical records, including names, Social Security numbers, medical record numbers, diagnoses, medications, medical images, test results, physicians’ names, and care and treatment information.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
ChristianaCare was first informed about the incident in April 2025; however, the names of the affected individuals were not provided by Oracle Health until September 29, 2025. ChristianaCare confirmed that the delay in notification was at the request of law enforcement while an investigation was conducted. Letters are now being mailed to the affected individuals who have been offered two years of complimentary credit monitoring and identity theft protection services. The number of affected individuals has yet to be publicly disclosed.
Visage Imaging
Visage Imaging Inc., a worldwide provider of medical imaging solutions to the healthcare industry, has disclosed a data breach. The Pro Medicus Limited-owned company, which has its U.S headquarters in San Diego, CA, has only disclosed limited information about the incident. Its notification letters only state that personal information was involved and offered the affected individuals 24 months of complimentary credit monitoring services. It is unclear how many individuals in the United States have been affected.
