Kaiser Permanente Experiences Data Security Incident Affecting 13.4 Million Individuals
Kaiser Permanente, one of the largest nonprofit health plans in the United States, recently announced a data security incident that has impacted 13.4 million people. The incident was caused by online technologies installed on their websites and mobile applications that transmitted personal information to third-party vendors without authorization.
The organization, known for its integrated managed care consortium, operates 40 hospitals and 618 medical facilities across 9 states and the District of Columbia.
According to a statement provided to BleepingComputer, the affected data included information from both current and former members and patients. This data could potentially include names, IP addresses, and details of how individuals interacted with and navigated through the websites and mobile applications. Additionally, search terms used in the health encyclopedia may have been exposed.
While online trackers typically share collected information with marketers, advertisers, and data brokers, Kaiser Permanente assures that no usernames, passwords, Social Security Numbers, financial account information, or credit card numbers were compromised in this incident.
Following a voluntary internal investigation, the organization discovered and removed the unauthorized third-party trackers. They have also implemented additional measures to prevent similar incidents from occurring in the future.
At this time, there is no evidence of the exposed data being misused. However, as a precaution, Kaiser Permanente will be notifying individuals who accessed their websites or used their mobile apps during the timeframe in which the incident occurred.
This is not the first data breach for Kaiser Permanente. In June 2022, the organization reported a breach where an unauthorized individual gained access to an employee’s email account, exposing the health information of 69,000 individuals. This data included full names, medical records, dates of service, and lab test results.
As cybersecurity threats continue to evolve, it is crucial for organizations to remain vigilant and take proactive measures to protect sensitive information. Kaiser Permanente’s efforts to address this incident and prevent future ones are commendable, but it serves as a reminder for all organizations to prioritize data security to safeguard their patients’ and customers’ personal information.