Health care service provider Kaiser Permanente has revealed roughly 13.4 million people in the United States may have been impacted by a data security incident that occurred earlier this month.
More than 12.5 million people were enrolled in those health plans as of Dec. 31, 2023, according to the organization’s website.
However, the filing with HHS states that approximately 13.4 million members may have been impacted by the recent breach.
Kaiser Permanente added that the data breach was related to unauthorized access and disclosure of information, although a spokesperson for the health care giant told Reuters that it had not identified any cases of misuse of data.
“Out of an abundance of caution, we are informing about 13.4 million current and former members and patients who accessed our websites and mobile applications,” Kaiser told the news agency.
They include both current and former customers, the spokesperson noted.
Separately, the organization told Information Security Media Group that it had launched an internal investigation into the breach and ultimately found that “certain online technologies, previously installed on its websites and mobile applications, may have transmitted personal information to third-party vendors.”
Private Info ‘Not Compromised’
The data shared with third-party vendors potentially includes member names and IP addresses, as well as information that could indicate if members were signed into a Kaiser Permanente account or service and how members “interacted with and navigated through the website and mobile applications, and search terms used in the health encyclopedia,” the company said.However, the company stressed that no usernames, passwords, Social Security numbers, financial account information, or credit card numbers were compromised or shared with third parties.
As a result of the breach, Kaiser removed the trackers from its websites and mobile apps, a company spokesperson added.
“Kaiser Permanente conducted a voluntary internal investigation into the use of these online technologies and subsequently removed them from the websites and mobile applications,” the company said. “In addition, Kaiser Permanente has implemented additional measures with the guidance of experts designed to safeguard against recurrence of this type of incident.”
Kaiser Permanente touts itself as one of the leading healthcare providers in the United States; operating 40 hospitals and 618 medical facilities in California, Colorado, the District of Columbia, Georgia, Hawaii, Maryland, Oregon, Virginia, and Washington, according to its website.
A spokesperson for the company told Information Security Media Group that the data breach impacts its members in all locations in which it operates and that affected individuals will be notified in May.
The Epoch Times has contacted Kaiser Permanente for further comment.
Update on UnitedHealth Group Breach
The latest data breach comes nearly two years after Kaiser Permanente revealed a data breach involving unauthorized access had exposed the health information of 69,000 people.At the time, the company said an employee’s email account containing patients’ protected health information was accessed by an unauthorized individual, leading to patient full names, medical records, dates of service, and lab test results information potentially being exposed.
Unlike the latest incident, that data breach only impacted the Kaiser Foundation Health Plan of Washington patients.
To date, the most recent breach at the Kaiser Foundation marks the largest health data breach reported to HHS so far in 2024.
UnitedHealth Group has not yet released the official number of patients potentially impacted by the breach, reportedly carried out by a cybercriminal gang known as AlphV or BlackCat. However, they noted on April 29 that it could affect a substantial proportion of people in America.