Kaiser Permanente, a major health care conglomerate, recently disclosed a data breach that potentially affected millions of accounts. The breach, reported to the Department of Health and Human Services in mid-April, was described as an "unauthorized access/disclosure." According to the HHS, approximately 13.4 million people were potentially impacted by the breach.
In response to the incident, Kaiser Permanente stated that it was not aware of any misuse of personal information but would still notify both current and former customers as a precautionary measure. The company reported that more than 12.5 million people were enrolled in its health plans at the end of 2023.
The breach occurred due to certain online technologies on Kaiser Permanente's website and mobile applications that may have transmitted personal information to third-party vendors such as Google, Microsoft Bing, and Twitter. While usernames, passwords, Social Security numbers, and payment information remained uncompromised, the vendors may have received IP addresses, names, and other data.
Kaiser Permanente has since removed the technology from its sites and apps and apologized for the breach. The company stated that it has taken steps to prevent similar incidents in the future.
Kaiser Permanente provides health plans in eight states and Washington, D.C., and operates 40 hospitals and numerous medical offices. The company's notification and disclosure of the breach aim to inform and protect those potentially affected by the incident.