Kaiser Permanente breach might affect 13.4M members
Kaiser Permanente reported a data breach Monday that could affect millions of its customers.
The Bay Area health care giant said that when members and patients accessed its websites or mobile applications, data sent to third-party technology companies such as Google and X (formerly Twitter) via web cookies might have included personal information.
The information mainly consisted of IP addresses and search terms used while logged into a Kaiser Permanente account or service. The data did not include user names, passwords, Social Security numbers, financial account details or credit card numbers.
Kaiser indicated that approximately 13.4 million current and former members are being notified about the breach.
“Kaiser Permanente is not aware of any misuse of any member’s or patient’s personal information,” the company said in a statement. “Nevertheless, out of an abundance of caution, we are informing approximately 13.4 million current and former members and patients who accessed our websites and mobile applications. We apologize that this incident occurred.”
Kaiser Foundation Health Plan revealed in a filing on April 12 with federal authorities that there was a disclosure or unauthorized access to its network server.
The company added it was conducting an internal investigation into the breach.
Last year saw a record number of 725 significant security breaches in the health care industry, according to the HIPAA Journal.
One of the most disruptive hacks in the health care industry, the February cyberattack on the payments processing vendor Change Healthcare, has already cost the company $872 million, parent UnitedHealth said in its firstquarter earnings report. The breach shut down parts of Change Healthcare’s electronic operations and rendered hundreds of hospitals and other medical practices around the country unable to collect payments or pay their bills.