• About Us
  • Events
  • Newsletter Sign Up
  • Spotlight Series
  • Webinars
  • WhitePapers
  • Videos
  • Podcasts
    1. Cybersecurity
    2. Data Breaches

    Kaiser Permanente Notifies Patients of April 5 Security Incident

    June 14, 2022
    On June 3, Kaiser Foundation Health Plan of Washington notified some of its patients that an unauthorized party gained access to an employee’s emails
    Photo 63418174 © Boarding1now | Dreamstime.com
    Photo 63418174 © Boarding1now | Dreamstime

    Kaiser Foundation Health Plan of Washington sent a notice to some of its patients on June 3 regarding a security incident. The incident, according to the notice, happened on April 5.

    The notice says that “On April 5, 2022, Kaiser Permanente discovered that an unauthorized party gained access to an employee’s emails. We terminated the unauthorized access within hours after it began and promptly commenced an investigation to determine the scope of the incident. We have determined that protected health information was contained in the emails and, while we have no indication that the information was accessed by the unauthorized party, we are unable to completely rule out the possibility.”

    Further, “We do not have any evidence of identity theft or misuse of protected health information as a result of this incident. However, we take this incident seriously, and this notice provides details of the incident and our response.”

    The notice explains that the protected health information that was possibly exposed includes first and last name, medical record number, dates of service, and laboratory test results/information. Kaiser says that “sensitive information” like social security numbers and credit card numbers were not included in the potentially exposed information.

    According to a June 14 article from TechCrunch by Carly Page, Kaiser has not revealed the size of the breach, but a separate filing with the U.S. Department of Health and Human Services confirmed that 69,589 individuals were affected.

    Page reports that “TechCrunch asked Kaiser how an unauthorized third-party was able to gain access to the employees’ emails but the company would not comment by press time. However, it said in its notice that the hacked employee ‘received additional training in safe email practices,’ suggesting the breach may have been the result of either credential stuffing or phishing. Kaiser added that it is ‘exploring other steps we can take to ensure incidents like this do not happen in the future,’ but the company would not say what these steps were.”

    Continue Reading

    Sponsored Recommendations

    Enhancing Healthcare Through Strategic IT and AI Innovations

    Learn how strategic IT and AI innovations are transforming healthcare - join Tomas Gregorio as he explores practical applications that enhance clinical decision-making, optimize...

    The Intersection of Healthcare Compliance and Security in the Age of Deepfakes

    As healthcare regulations struggle to keep up with rapid advancements in AI-driven threats like deepfakes, the security gaps have never been more concerning.

    Increasing Healthcare Security Behind and Beyond the Firewall

    Read how 5 identity security solutions can help you protect against these threats while improving user experience and reducing costs.

    Improve and Secure Healthcare Delivery with Digital Identity

    Get a deep understanding of how Digital Identity can help secure your healthcare organization while offering seamless access to your growing portfolio of apps and APIs.