Founded in July 1945, Kaiser Permanente is an integrated managed care consortium headquartered in Oakland, California. Kaiser is arguably the largest non-profit health care and health plan provider in the US. According to the latest report, Kaiser is among the most recent healthcare providers to be breached by hackers. The health company recently disclosed a breach, which exposed the data of more than 69,000 patients.
More information on the attack
According to a report by Risk Based Security, the healthcare sector was one of the top industries to be attacked in the past couple of years. In 2020 alone, reports show that over 3,932 data breach events occurred in the United States. Out of these events, 13% impacted healthcare providers. Some of the past top healthcare companies impacted by data breaches are United Healthcare Services (UHS), Magellan Health in Arizona, Trinity Health in Michigan, and Augusta University Health.
Kaiser Permanente now joins the long list of healthcare providers affected by data breaches in recent years. The Oakland, California-based health care company recently notified over 69,000 patients of a data breach at the Kaiser Foundation Health Plan of Washington.
Kaiser stated that an unauthorized party gained access to an employee’s emails on April 5. The company also added that it was able to stop the access and address the vulnerability within hours. Some of the steps taken include resetting the employee’s password and providing the affected patients with new techniques to protect their emails.
The employee’s emails contained the Protected Health Information (PHI) of patients. Some of the protected data contained in the emails include names, medical record numbers, laboratory test results, and dates of service.
No indication that the hackers gained access to the PHI
After investigating the attack, there was no indication that the hackers gained access to patients’ Protected Health Information (PHI). However, Kaiser couldn’t rule out the possibility. This is why the health care provider notified the more than 69,000 patients who may have been affected by the attack. Here is part of what Kaiser said when disclosing the data breach event:
“After discovering the event, we quickly took steps to terminate the unauthorized party’s access to the employee’s emails. This included resetting the employee’s password for the email account where unauthorized activity was detected. The employee received additional training on safe email practices, and we are exploring other steps we can take to ensure incidents like this do not happen in the future.”
In its report, Kaiser Permanente didn’t disclose the number of patients affected by the data breach. However, the information filed by the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) reveals that about 69,589 people might have been affected by the attack. Currently, we don’t know why it took Kaiser more than two months to inform the concerned patients of the breach.