DATA BREACH OF KAISER PERMANENTE EXPOSED 700,000 PATIENT RECORDS

Introduction:

One of the largest Washington-based healthcare organizations, Kaiser Permanente, reported that it had been the victim of a data breach. The breach was due to unauthorized access to its email system. According to reports, the data breach exposed approximately 700,000 patients’ health information. The exposed data might include personal details of patients such as names, medical record numbers, dates of service, and lab test results.

Process:

Kaiser Permanente was founded in 1945 and is one of the largest non-profit healthcare organizations in the U.S. It serves almost 12 million people in the United States, including Washington, D.C., and eight other states. On 5th April 2022, an unauthorized person accessed the email account of one of its employees, which contained sensitive information about its patients. When Kaiser Permanente discovered that an attacker had acquired access to employee emails, it immediately terminated the access and launched an investigation to ascertain the extent of the data breach. While there is no proof that the unauthorized individual accessed the data, the healthcare organization cannot exclude the possibility. On 3rd June 2022, it released a report stating that the breach affected the details of patients of Kaiser Foundation Health Plan of Washington.

Kaiser Permanente did not specify the precise number of affected patients in the breach report. However, the U.S. Department of Health and Human Services Office for Civil Rights obtained data showing that the incident exposed the personal information of 69,589 individuals. The breach may have exposed details such as patients’ full names, medical record numbers, dates of service, and lab test results. Furthermore, it stated that there is no proof that the incident led to identity theft or the misuse of confidential health information. There is no indication that sensitive information such as Social Security numbers and credit card numbers was exposed.

Impact:

The breach compromised the health information of Kaiser Foundation Health Plan of Washington patients. The incident exposed the personal information of 69,589 individuals. Details such as patients’ complete names, medical record numbers, dates of service, and lab test results could be made public.

Remediation:

When Kaiser Permanente discovered that an attacker had acquired access to employee emails, it immediately terminated the access and launched an investigation to ascertain the extent of the data breach. It acted quickly to prevent the unauthorized party from accessing the employee’s emails. That included updating the employee’s password for the compromised email account. It further stated that the employee received additional training on safe email practices and that it had implemented measures to prevent similar incidents in the future.