Contents:
Kaiser Permanente, a healthcare service provider, just disclosed a data security incident that can impact over 13 million U.S. residents.
Being one of the largest non-profit health plans in the U.S., it operates 40 hospitals and 618 medical facilities in California, Colorado, the District of Columbia, Georgia, Hawaii, Maryland, Oregon, Virginia, and Washington.
What Do We Know About the Breach?
In a statement to BleepingComputer, Kaiser Permanente declared that the information was leaked to third-party trackers installed on its websites and mobile apps, and that it contains data of both current and former patients and staff.
Kaiser Permanente has determined that certain online technologies, previously installed on its websites and mobile applications, may have transmitted personal information to third-party vendors Google, Microsoft Bing, and X (Twitter) when members and patients accessed its websites or mobile applications.
Kaiser Permanente (Source)
As per Kaiser Permanente’s spokesperson, the information could include names, IP addresses, information indicating that a patient or member was signed into a Kaiser Permanente account or service, information about how the patient or member used the website and mobile applications, and search terms that were entered into the health encyclopedia.
Usually, the information collected by online trackers is shared with an extensive network or marketers, advertisers, and data brokers.
The statement highlights that data such as usernames, passwords, Social Security Numbers (SSNs), financial information, or credit card numbers were not exposed in the attack.
Kaiser Permanente reports that more steps have been taken to ensure that such occurrences don’t happen again after the trackers were found and eliminated as part of a voluntary internal probe.
The organisation will alert those who viewed its websites and utilised its mobile apps out of an abundance of caution, even though it is not aware of any instances of misuse of the disclosed information.
If you liked this piece, follow us on LinkedIn, Twitter, Facebook, and YouTube for more cybersecurity news and topics.