Kaiser Permanente: Data Breach Might Affect 13.4M Members

April 26, 2024
On April 25, Kaiser Permanente execs shared with the press that their health plan had experienced a data breach exposing the data of 13.4 million plan members.

The Oakland, Calif.-based Kaiser Permanente organization has experienced a data breach that involves the data of 13.4 million members. The health plan has filed a legally required notice of the breach with the Department of Health and Human Services (HHS); it is the largest confirmed healthcare-related data breach of 2024 so far.

Reporter Zack Whittaker of TechCrunch first broke the story, writing on April 25 that “U.S. health conglomerate Kaiser is notifying millions of current and former members of a data breach after confirming it shared patients’ information with third-party advertisers, including Google, Microsoft and X (formerly Twitter). In a statement shared with TechCrunch, Kaiser said that it conducted an investigation that found ‘certain online technologies, previously installed on its websites and mobile applications, may have transmitted personal information to third-party vendors.’ Kaiser said that the data shared with advertisers includes member names and IP addresses, as well as information that could indicate if members were signed into a Kaiser Permanente account or service and how members ‘interacted with and navigated through the website and mobile applications, and search terms used in the health encyclopedia,’” Whittaker wrote. “Kaiser said it subsequently removed the tracking code from its websites and mobile apps.”

Also on April 25, SFGate’s Stephen Council reported that “Kaiser told SFGATE in a statement on Thursday, ‘certain online technologies, previously installed on its websites and mobile applications, may have transmitted personal information to third-party vendors Google, Microsoft Bing, and X (Twitter).’”

Council further noted that “Kaiser plans to notify 13.4 million people about the breach, and said the notifications are ‘out of an abundance of caution.’ That huge number includes ‘current and former members and patients who accessed our websites and mobile applications,’ the company said. Kaiser did not immediately respond to SFGATE’s question about the time frame of the breach. Any of the 13.4 million people may have had their personal information transmitted to the tech companies, but it isn’t clear what share of that number actually did. The incident makes Kaiser’s the biggest health-related breach of the year, per the HHS’ breach portal. Though the personal information didn’t include passwords, Social Security numbers or credit card information, per Kaiser, the tech giants reportedly had the chance to hoover up a swath of other data. The health care company’s statement to SFGATE said the breach may have included patients’ names, IP addresses, sign-in statuses and how they navigated through Kaiser’s website and mobile apps.”

Meanwhile, TechRadar’s Sead Fadilpašić reported on Apr. 26 that “Kaiser filed a notice with the U.S. government, and notified California’s attorney general of what had happened. Due to the sensitivity of the data they hold, healthcare organizations are a constant target for cybercriminals,” Fadilpašić noted. “Recently, Change Healthcare suffered a major ransomware attack in which the threat actors stole 4TB of valuable files. In exchange for keeping the data private and not sharing it on the dark web, the attackers demanded $22 million in cryptocurrency. In late 2023, after a supply chain attack on ESO Solutions, sensitive data from a number of healthcare organizations in the US was stolen, and in March of the same year, both Zoll Medical and Independent Living Systems reported data breaches,” he added.

 
