158 views 52 secs 0 comments

Kaiser Permanente discloses breach that may have impacted 13.4 million patients

In Data Breach News, Healthcare, News
April 26, 2024
Kaiser Permanente discloses breach that may have impacted 13.4 million patients

Healthcare giant Kaiser Permanente has joined the ranks of those who have disclosed that their websites may have improperly shared protected health information with others.

The issue with tracking pixels was first highlighted in investigative reporting by The Markup last year. They have continued to report on the issues, including fines paid, litigation, and Federal Trade Commission actions stemming from such tracking.

Kaiser Foundation Health Plan, which operates as Kaiser Permanente, provides health care and health care coverage as an integrated managed care consortium. As of 2022, they had 40 hospitals and 618 medical facilities (Wikipedia).

As reported by Bleeping Computer, Kaiser Permanente issued a statement indicating that 13.4 million patients may have been affected by tracking. The data shared improperly may have included IP addresses, names, information that could indicate a member or patient was signed into a Kaiser Permanente account or service, details showing how a member or patient interacted with and navigated through the website and mobile applications, and search terms used in the health encyclopedia.

“Kaiser Permanente has determined that certain online technologies, previously installed on its websites and mobile applications, may have transmitted personal information to third-party vendors Google, Microsoft Bing, and X (Twitter) when members and patients accessed its websites or mobile applications” – Kaiser Permanente

The incident was reported to the U.S. Department of Health and Human Services on April 12.