The latest healthcare cybersecurity risk, which affects more than 13 million former and current patients of California-based Kaiser Foundation Health Plan, is part of a record-breaking trend that has been in motion.
The company has notified patients that it unknowingly shared their information with third-party advertisers, including Google, Microsoft and X (formerly Twitter). Kaiser Foundation Health Plan, which operates as Kaiser Permanente, is the largest health insurance company in the U.S.
The U.S. Department of Health and Human Services has dubbed it the largest confirmed health-related breach to date in 2024.
Tracking code used to monitor how members navigated through the healthcare giant’s online and mobile sites was oversharing a concerning amount of information. Kaiser has since removed the tracking code from its websites and mobile apps.
“Certain online technologies, previously installed on its websites and mobile applications, may have transmitted personal information to third-party vendors,” the company said in a media statement.
The shared personal data included patient names, IP addresses, web pages people visited, whether they were actively signed in, and even the search terms they entered in the company's online health encyclopedia for personal research.
A spokesperson for Kaiser has begun notifying current and former patients who utilized its websites and mobile apps about the breach.
Companies covered by HIPAA are required to notify the Department of Health and Human Services of data breaches involving protected health information, such as medical data and patient records. The company submitted its required notice on April 12, and the notice was posted publicly last week. Kaiser spokesperson Diana Yee said the organization would begin notifying affected current and former members and patients who accessed its websites and mobile apps. The notifications will start in May in all markets in which Kaiser Permanente operates. California-based Kaiser also notified its state attorney general of the breach.
This is the second healthcare cybersecurity risk incident spotlighting this high-profile issue since Change Healthcare reported a ransomware cyberattack in February.
A record was set in 2023 with 725 large security breaches in healthcare reported to the Department of Health and Human Services Office for Civil Rights, according to The HIPAA Journal. This beat the former record of 720 healthcare security breaches set in 2022.
Enfortra’s white label identity protection offers tailored solutions specifically designed for the healthcare sector. By integrating White Label Credit Monitoring with comprehensive restoration and recovery services, Enfortra ensures the safeguarding of patient private data. Our customizable portals cater to the unique needs of your members, enhancing their experience while fortifying the security of sensitive information. This not only fosters trust and loyalty among patients but also generates additional revenue streams through a valued and essential identity protection solution.