Kaiser Permanente reports data breach, 13.4M people impacted

Kaiser Permanente, a prominent healthcare organization based in Oakland, California, has been implicated in a significant data breach affecting approximately 13.4 million current and former patients.

The breach involved the unintended sharing of personal information with third-party advertisers due to tracking technology on the company's websites and mobile applications. The compromised data includes:

• patients' names,
• IP addresses,
• account login indicators,
• how individuals interacted with Kaiser Permanente's online platforms.

Kaiser claims that no sensitive information such as Social Security numbers, financial details, usernames, or passwords was disclosed.

The tracking technologies responsible for the breach have been identified as transmitting personal data to external entities including Google, Microsoft Bing, and X (formerly known as Twitter). Following an internal investigation, Kaiser Permanente has removed these technologies from its platforms and implemented additional security measures to prevent future occurrences.

The organization has started the process of notifying the affected individuals and has reported the incident to relevant authorities, including the Department of Health and Human Services and the California attorney general. Kaiser Permanente has not observed any misuse of the exposed data.