Kaiser Permanente, a prominent healthcare giant in the United States, has notified about a data breach involving leak of sensitive information of is patients and members. Kaiser Foundation Health Plan, the health insurance arm of Kaiser Permanente, confirmed that 13.4 million current and former members were affected in the data breach, Reuters reported.
The incident is listed in a legally required notice on the Department of Health and Human Services’ breach notification portal on April 12 but was made public only on Thursday. The company has also notified California’s attorney general of the data breach, without giving much details.
The compromised data includes member names, IP addresses, and details regarding membership status with Kaiser Permanente, according to a TechCrunch report. Reportedly, information on users’ interactions with the website and mobile applications, along with search history in the health encyclopedia, was also leaked.
Kaiser reportedly acknowledged that the breach was a result of “certain online technologies”, such as tracking codes, embedded in its platforms. These technologies inadvertently transmitted personal information to third-party vendors, including major names like Google, Microsoft, and X (formerly Twitter).
While the healthcare giant assured that it was not aware of any misuse of the leaked data, it emphasized its commitment to inform all affected individuals as a precautionary measure. The company has also removed tracking code from its website and apps.
Meanwhile, Kaiser’s breach is reportedly the largest confirmed health-related data breach so far this year. This further adds to a growing list of healthcare organizations grappling with data security challenges. Recent attacks on industry players like Change Healthcare and ESO Solutions serve as stark reminders of the vulnerability of healthcare data to malicious actors. With healthcare data becoming increasingly valuable on the dark web, the stakes for protecting patient information have never been higher. Kaiser has said to be taking steps to prevent similar breaches in the future.
