Kaiser Permanente Notifies Patients of April 5 Security Incident

June 14, 2022
On June 3, Kaiser Foundation Health Plan of Washington notified some of its patients that an unauthorized party gained access to an employee’s emails

Kaiser Foundation Health Plan of Washington sent a notice to some of its patients on June 3 regarding a security incident. The incident, according to the notice, happened on April 5.

The notice says that “On April 5, 2022, Kaiser Permanente discovered that an unauthorized party gained access to an employee’s emails. We terminated the unauthorized access within hours after it began and promptly commenced an investigation to determine the scope of the incident. We have determined that protected health information was contained in the emails and, while we have no indication that the information was accessed by the unauthorized party, we are unable to completely rule out the possibility.”

Further, “We do not have any evidence of identity theft or misuse of protected health information as a result of this incident. However, we take this incident seriously, and this notice provides details of the incident and our response.”

The notice explains that the protected health information that was possibly exposed includes first and last name, medical record number, dates of service, and laboratory test results/information. Kaiser says that “sensitive information” like social security numbers and credit card numbers were not included in the potentially exposed information.

According to a June 14 article from TechCrunch by Carly Page, Kaiser has not revealed the size of the breach, but a separate filing with the U.S. Department of Health and Human Services confirmed that 69,589 individuals were affected.

Page reports that “TechCrunch asked Kaiser how an unauthorized third-party was able to gain access to the employees’ emails but the company would not comment by press time. However, it said in its notice that the hacked employee ‘received additional training in safe email practices,’ suggesting the breach may have been the result of either credential stuffing or phishing. Kaiser added that it is ‘exploring other steps we can take to ensure incidents like this do not happen in the future,’ but the company would not say what these steps were.”

Sponsored Recommendations

Trailblazing Technologies: Looking at the Top Technologies for the Emerging U.S. Healthcare System

Register for the first session of the Healthcare Innovation Spotlight Series today to learn more about 'Healthcare's New Promise: Generative AI', the latest technology that is...

Data: The Bedrock of Digital Engagement

Join us on March 21st to discover how data serves as the cornerstone of digital engagement in healthcare. Learn from Frederick Health's transformative journey and gain practical...

Northeast Georgia Health System: Scaling Digital Transformation in a Competitive Market

Find out how Northeast Georgia Health System (NGHS) enabled digital access to achieve new patient acquisition goals in Georgia's highly competitive healthcare market.

2023 Care Access Benchmark Report for Healthcare Organizations

To manage growing consumer expectations and shrinking staff resources, forward-thinking healthcare organizations have adopted digital strategies, but recent research shows that...