• About Us
  • Events
  • Spotlight Series
  • Webinars
  • WhitePapers
  • Videos
  • Podcasts
  • Innovators
    1. Cybersecurity
    2. Data Breaches

    Kaiser Permanente Notifies Patients of April 5 Security Incident

    June 14, 2022
    On June 3, Kaiser Foundation Health Plan of Washington notified some of its patients that an unauthorized party gained access to an employee’s emails
    Photo 63418174 © Boarding1now | Dreamstime.com
    Photo 63418174 © Boarding1now | Dreamstime

    Kaiser Foundation Health Plan of Washington sent a notice to some of its patients on June 3 regarding a security incident. The incident, according to the notice, happened on April 5.

    The notice says that “On April 5, 2022, Kaiser Permanente discovered that an unauthorized party gained access to an employee’s emails. We terminated the unauthorized access within hours after it began and promptly commenced an investigation to determine the scope of the incident. We have determined that protected health information was contained in the emails and, while we have no indication that the information was accessed by the unauthorized party, we are unable to completely rule out the possibility.”

    Further, “We do not have any evidence of identity theft or misuse of protected health information as a result of this incident. However, we take this incident seriously, and this notice provides details of the incident and our response.”

    The notice explains that the protected health information that was possibly exposed includes first and last name, medical record number, dates of service, and laboratory test results/information. Kaiser says that “sensitive information” like social security numbers and credit card numbers were not included in the potentially exposed information.

    According to a June 14 article from TechCrunch by Carly Page, Kaiser has not revealed the size of the breach, but a separate filing with the U.S. Department of Health and Human Services confirmed that 69,589 individuals were affected.

    Page reports that “TechCrunch asked Kaiser how an unauthorized third-party was able to gain access to the employees’ emails but the company would not comment by press time. However, it said in its notice that the hacked employee ‘received additional training in safe email practices,’ suggesting the breach may have been the result of either credential stuffing or phishing. Kaiser added that it is ‘exploring other steps we can take to ensure incidents like this do not happen in the future,’ but the company would not say what these steps were.”

    Continue Reading

    Sponsored Recommendations

    The Race to Replace POTS Lines: Keeping Your People and Facilities Safe

    Don't wait until it's too late—join our webinar to learn how healthcare organizations are racing to replace obsolete POTS lines, ensuring compliance, reducing liability, and maintaining...

    Transform Care Team Operations & Enhance Patient Care

    Discover how to overcome key challenges and enhance patient care in our upcoming webinar on September 26. Learn how innovative technologies and strategies can transform care team...

    Prior Authorization in Healthcare: Why Now?

    Prepare your organization for the CMS 2027 mandate on prior authorization via API. Join our webinar to explore investment insights, real-time data exchange, and the benefits of...

    Securing Remote Radiology with the Zero Trust Exchange

    Discover how the Zero Trust Exchange is transforming remote radiology security. This video delves into innovative solutions that protect sensitive patient data, ensuring robust...