US healthcare giant Kaiser Permanente has admitted to a data breach that may have hit up to 13.4 million individuals. According to Kaiser Permanente, “trackers previously installed on its websites and mobile applications may have transmitted personal information to third-party vendors, when members and patients accessed its websites or mobile applications.” It is a stunning disclosure, both for the type of information leaked and for what could lie ahead for millions of Kaiser Permanente members and patients.
How Did the Data Breach Occur?
One of the larger providers in the US, Kaiser Permanente, has suffered a breach that has impacted over 13.4 million individuals. This puts personal information linked to patients and plan members at potential risk from unauthorized individuals.
The health provider did not say clearly what kind of information was accessed. Kaiser Permanente said the accessed data may have included names, IP addresses, etc., in addition to the search terms users entered in the health encyclopedia. It has been reported that this data is derived from the information collected by the sites and applications through the tracking codes.
Who Received the Exposed Information?
The exposed data was potentially shared with several third-party vendors, including:
- Microsoft Bing
- X (Twitter)
These companies likely received information about user activity on Kaiser Permanente’s digital platforms, but the exact nature and extent of the data remain unclear.
What Do Tracking Codes Do?
Tracking codes are small pieces of code embedded in websites or applications. They record a user's activity, from the pages visited to the buttons clicked, or even hovered over, among other things. This information is used in site analytics, advertising, and personalization.
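To make this concrete, the following added example (not Kaiser Permanente's or any vendor's code) audits a page for third-party tracking resources and checks whether outbound requests carry a user's search term to another host. The site name, vendor hostnames, page markup, and request list are all constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

FIRST_PARTY = "health.example.org"  # assumed first-party site (constructed)
# Constructed page: one first-party script, one third-party script, one pixel.
PAGE_HTML = """<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.tracker.example/t.js"></script>
</head><body>
<img src="https://pixel.ads.example/p.gif?ev=pageview" width="1" height="1">
</body></html>"""

# Constructed outbound requests, as a browser's network panel would list them
# after a member searches the health encyclopedia for "diabetes".
REQUESTS = [
    "https://health.example.org/encyclopedia/search?q=diabetes",
    "https://cdn.tracker.example/collect?dl=https%3A%2F%2Fhealth.example.org%2Fencyclopedia%2Fsearch%3Fq%3Ddiabetes",
    "https://pixel.ads.example/p.gif?ev=search&term=diabetes",
    "https://fonts.cdn.example/font.woff2",
]

class ResourceCollector(HTMLParser):
    """Collect src URLs of elements that make the browser fetch something."""
    def __init__(self):
        super().__init__()
        self.urls = []
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "img", "iframe"):
            src = dict(attrs).get("src")
            if src:
                self.urls.append(src)

def is_third_party(url, first_party=FIRST_PARTY):
    # Relative URLs have no hostname and therefore stay first-party.
    host = urlsplit(url).hostname
    return host is not None and host != first_party and not host.endswith("." + first_party)

def third_party_resources(html):
    """Hosts outside the first-party site that the page loads resources from."""
    collector = ResourceCollector()
    collector.feed(html)
    return sorted({urlsplit(u).hostname for u in collector.urls if is_third_party(u)})

def leaking_requests(requests, sensitive_value):
    """Third-party hosts whose decoded query values contain the sensitive value."""
    hits = []
    for url in requests:
        values = [v for _, v in parse_qsl(urlsplit(url).query)]
        if is_third_party(url) and any(sensitive_value in v for v in values):
            hits.append(urlsplit(url).hostname)
    return hits
```

Note that the first tracker never receives the search term as its own parameter; it leaks it inside the full page URL it reports, which is why the check decodes every query value rather than looking for a parameter named after the search box.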
What has Kaiser Permanente Done?
Since the breach was detected, Kaiser Permanente has been taking measures to address the situation.
Removing Tracking Codes: They have now removed the problematic tracking codes from their websites and apps.
Steps Taken to Enhance Security: Other measures have also been put in place to help prevent a recurrence.
Notifying Authorities and Individuals: They have informed the pertinent regulatory authorities and all individuals affected by the breach.
Kaiser Permanente Breach Fuels Privacy Concerns
The data breach at Kaiser Permanente does not exist in a vacuum. The medical provider has faced legal challenges for months over its use of tracking technologies.
Lawsuits Allege Privacy Violations: Since last summer, Kaiser Permanente has been embroiled in a class-action lawsuit alleging that the company discloses confidential medical information to third parties by, among other ways, using web-tracking tools without user consent. The lawsuits go on to allege that sensitive details, such as medical topics researched, treatment choices made, and communications with health providers, were potentially exposed.
Surge in Healthcare Tracking Tech Lawsuits: This is not an isolated issue. Other lawsuits have been filed against VillageMD over the sharing of patient data with Facebook and Google, and against Atrium Health over allowing patient data to go to Facebook; in both, tracking technologies allegedly shared patient data.
Regulators Scrutinize Tracking Practices: Regulators are also stepping in. For its part, HHS has released guidance on how HIPAA may apply to online tracking tools. The FTC and HHS have also cautioned hospitals that may have used these tools that they might be violating patient privacy.
Industry Pushback: The American Hospital Association (AHA) argues that tracking tech provides valuable insights into how websites can be improved and how patients can access care more easily. HHS has even gone as far as suing over the proposed restrictions in tracking tools.
A Balancing Act: This scenario shows the delicate relationship between patient privacy, healthcare innovation, and regulatory control. Properly balancing these factors will be of great importance going forward.
Cyber Attacks in the Healthcare Sector: A Growing Threat
The Kaiser Permanente data breach is just one of the most recent warning signs that the healthcare industry is steadily becoming more vulnerable to cyber-attacks. Hospitals and health providers hold a rich repository of patient information, including medical history, financial records, and social security numbers, which is very valuable to cybercriminals intent on identity theft, among other schemes.
Most healthcare organizations use outdated IT systems, which puts them at greater risk from cyberattacks. In addition, understaffed IT departments and a lack of cybersecurity awareness create weaknesses that hackers exploit. Cyberattacks can disrupt the delivery of critical health services, potentially delaying diagnoses and treatment. In some scenarios, even life-saving equipment might be brought to a complete halt, putting patients at risk.
What Precautions Can You Take?
At this time we do not have the details of what information was actually exposed, but here are a few ways you can help protect yourself:
Stay Informed: Keep monitoring your email and the Kaiser Permanente website for updates regarding the data breach. They may disclose the types of data that were breached and provide detailed guidance for those affected.
Check Account Statements: Regularly go through all bank statements and make sure there is no unauthorized activity. In case of any abnormal transaction, report it to Kaiser Permanente or the appropriate law enforcement agency right away.
Change your passwords: Consider changing your passwords for any account you used on Kaiser Permanente’s websites or apps, particularly if you are using the same password elsewhere.
Beware of Phishing: Your info from this breach may be used in a phishing attack. Be cautious with unexpected emails, calls, or texts that appear to come from Kaiser Permanente. Do not click on strange links or share any information until you are sure it is a legitimate communication from Kaiser Permanente.
What Are the Lessons from the Kaiser Data Breach?
This incident highlights the importance of data privacy and the potential risks associated with online tracking practices. Here are some takeaways:
- Be Mindful of Tracking: Users should be aware of the tracking technologies used on websites and apps they visit. Look for privacy policies and adjust settings if possible to limit tracking.
- Strong Passwords: Maintaining strong and unique passwords for all your online accounts is crucial in protecting your personal information.
- Data Sharing: Be cautious about the information you share online, especially on healthcare platforms.
Looking Ahead
The Kaiser Permanente data breach raises concerns about data security and user privacy. Staying informed, being vigilant, and taking steps to protect your information online are essential in the digital age. Hopefully, stricter regulations and user awareness will lead to a more secure online environment for everyone.
Technical Content Writer at Threatcop
Ritu Yadav is a seasoned Technical Content Writer at Threatcop, leveraging her extensive experience as a former journalist with leading media organizations. Her expertise bridges the worlds of in-depth research on cybersecurity, delivering informative and engaging content.