April 29, 2024 at 11:27AM
Kaiser Permanente notifies 13.4 million patients of a data breach involving exposure of personal information to third-party advertisers. The leaked data includes names, IP addresses, and health-related search terms, but not sensitive financial information. Following an internal investigation, the organization has removed tracking technologies and added safeguards to prevent future breaches.
A significant data breach at Kaiser Permanente affected 13.4 million current and former patients. The breach exposed personal information, including names, IP addresses, and search history, to third-party vendors such as Google, Microsoft Bing, and Twitter. Usernames, passwords, Social Security numbers, financial account information, and credit card numbers were not included in the transmission to these third parties.
Kaiser Permanente has taken steps to address the breach, removing tracking technologies from its websites and mobile applications and adding safeguards to prevent similar incidents in the future. While the organization is not aware of any misuse of the leaked data, it has notified the US Department of Health and Human Services and the California Attorney General’s Office about the breach.
Data collected by trackers is frequently sold to advertisers, data brokers, and marketers, raising concerns about data privacy. Swimlane security automation architect Nick Tausek emphasized the impact of this from a data privacy perspective.
Kaiser Permanente is one of the largest healthcare and health coverage groups in the US, employing a significant number of physicians and nurses and providing care to a large patient population. This breach underscores the ongoing challenge of maintaining data security in the healthcare industry.