US health giant Kaiser hit by data breach — millions of customers informed they could be at risk
Kaiser shared sensitive data with third parties by mistake
American healthcare giant Kaiser Foundation Health Plan exposed sensitive data on millions of its current and former patients, apparently by mistake.
Among the data inadvertently shared with advertisers are member names and IP addresses, and information regarding their membership status with Kaiser Permanente. Furthermore, the company leaked information on how members interacted with the website and the apps, and what they searched for in the health encyclopedia.
A total of 13.4 million people are affected by this mishap, the company has confirmed, adding it is preparing to send out data leak notifications to all of them.
Targeting healthcare
The company confirmed the news via a statement shared with TechCrunch, noting its website and mobile applications used “certain online technologies”(tracking codes) that may have transmitted personal information to third-party vendors, thought to include Google, Microsoft, and X.
Kaiser filed a notice with the U.S. government, and notified California’s attorney general of what had happened.
Due to the sensitivity of the data they hold, healthcare organizations are a constant target for cybercriminals. Recently, Change Healthcare suffered a major ransomware attack in which the threat actors stole 4TB of valuable files. In exchange for keeping the data private and not sharing it on the dark web, the attackers demanded $22 million in cryptocurrency.
In late 2023, after a supply chain attack on ESO Solutions, sensitive data from a number of healthcare organizations in the US was stolen, and in March of the same year, both Zoll Medical and Independent Living Systems reported data breaches.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
The Kaiser Foundation Health Plan is the parent organization of Kaiser Permanente, and claimed to have more than 12 million members last year.
More from TechRadar Pro
- ChatGPT plugin flaws could have allowed hackers to take over other accounts
- Here's a list of the best firewalls around today
- These are the best endpoint security tools right now
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.