April 29, 2024 at 04:09PM
Kaiser Permanente reported a data breach affecting 13.4 million insurance members. Improperly implemented tracking code on its websites and mobile apps shared personal data with third-party advertisers such as Google and Microsoft. Although this was not a hacking event, the oversharing of customer information with advertisers raises security concerns, according to Narayana Pappu, CEO at Zendata.
The breach affects 13.4 million current and former insurance members. It occurred because patient data was inadvertently shared with third-party advertisers, including Google, Microsoft, and social platform X, through improperly implemented tracking code on Kaiser's websites and mobile applications.
The shared data included names, IP addresses, page visits, active sign-ins, and search terms used on the company’s online health encyclopedia. Kaiser has since removed the tracking code from its sites, and while it wasn’t a hacking event, the breach raises concerns from a security perspective.
Narayana Pappu, CEO at Zendata, highlighted that the presence of third-party trackers belonging to advertisers, and the resulting oversharing of customer information, is a pervasive problem in the health tech and government space. He mentioned that this oversharing, although it does not fit the traditional definition of a data breach, essentially results in the same outcome.
Both this breach and the broader issue of oversharing customer information with third-party advertisers are of concern, and a monitoring and auditing process to identify and prevent such issues is essential.