Kaiser Permanente Notifies Patients of April 5 Security Incident

June 14, 2022
On June 3, Kaiser Foundation Health Plan of Washington notified some of its patients that an unauthorized party gained access to an employee’s emails

Kaiser Foundation Health Plan of Washington sent a notice to some of its patients on June 3 regarding a security incident. The incident, according to the notice, happened on April 5.

The notice says that “On April 5, 2022, Kaiser Permanente discovered that an unauthorized party gained access to an employee’s emails. We terminated the unauthorized access within hours after it began and promptly commenced an investigation to determine the scope of the incident. We have determined that protected health information was contained in the emails and, while we have no indication that the information was accessed by the unauthorized party, we are unable to completely rule out the possibility.”

Further, “We do not have any evidence of identity theft or misuse of protected health information as a result of this incident. However, we take this incident seriously, and this notice provides details of the incident and our response.”

The notice explains that the protected health information that was possibly exposed includes first and last name, medical record number, dates of service, and laboratory test results/information. Kaiser says that “sensitive information” like social security numbers and credit card numbers were not included in the potentially exposed information.

According to a June 14 article from TechCrunch by Carly Page, Kaiser has not revealed the size of the breach, but a separate filing with the U.S. Department of Health and Human Services confirmed that 69,589 individuals were affected.

Page reports that “TechCrunch asked Kaiser how an unauthorized third-party was able to gain access to the employees’ emails but the company would not comment by press time. However, it said in its notice that the hacked employee ‘received additional training in safe email practices,’ suggesting the breach may have been the result of either credential stuffing or phishing. Kaiser added that it is ‘exploring other steps we can take to ensure incidents like this do not happen in the future,’ but the company would not say what these steps were.”

Sponsored Recommendations

How AI-Native Locating Intelligence Revolutionizes the RTLS market

Discover how leveraging an RTLS solution with artificial intelligence as the location engine can increase efficiency, improve safety, and elevate care without the compromises ...

Harnessing the True Power of Cultural, Clinical and Operational Data

Optimize healthcare performance by combining clinical, operational, and cultural insights. A deeper understanding of team factors improves care and resource management.

How Digital Co-Pilots for patients help navigate care journeys to lower costs, increase profits, and improve patient outcomes

Discover how digital care journey platforms act as 'co-pilots' for patients, improving outcomes and reducing costs, while boosting profitability and patient satisfaction in this...

5 Strategies to Enhance Population Health with the ACG System

Explore five key ACG System features designed to amplify your population health program. Learn how to apply insights for targeted, effective care, improve overall health outcomes...