Data Breach at Kaiser Permanente May Have Impacted 13.4 Million Customers, Organization Says

Health care service provider Kaiser Permanente has disclosed that approximately 13.4 million individuals in the United States may have been impacted by a recent data security incident.

As of December 31, 2023, there were over 12.5 million people enrolled in these health plans, as stated on the organization’s website.

However, the filing with HHS indicates that around 13.4 million members could have been impacted by the breach.

The company clarified that the breach involved unauthorized access and disclosure of information, but no cases of data misuse have been identified so far, according to a Kaiser Permanente spokesperson speaking to Reuters.

“Out of caution, we are notifying approximately 13.4 million current and former members and patients who accessed our websites and mobile applications,” Kaiser informed the news agency.

The affected individuals include both current and former customers, the spokesperson confirmed.

In a separate statement to Information Security Media Group, Kaiser Permanente mentioned that they conducted an internal investigation into the breach and found that certain online technologies used on their websites and mobile apps may have transmitted personal information to third-party vendors.

Private Info ‘Not Compromised’

The data shared with third-party vendors may include member names and IP addresses, along with details indicating if members were logged into a Kaiser Permanente account or service, their interactions on the website and apps, and search terms used in the health encyclopedia, as per the company’s statement.

However, Kaiser affirmed that usernames, passwords, Social Security numbers, financial account details, or credit card numbers were not compromised or shared with external parties.

In response to the breach, Kaiser removed the aforementioned online technologies from their platforms, as mentioned by a company spokesperson.

“Kaiser Permanente conducted a voluntary internal investigation and subsequently removed these technologies from our websites and mobile applications. Additionally, we have implemented additional security measures to prevent a recurrence of such incidents,” the company stated.

Kaiser Permanente is recognized as a leading healthcare provider in the U.S., operating numerous hospitals and medical facilities across several states, according to their website.

A spokesperson informed Information Security Media Group that the breach impacts members in all locations where Kaiser operates, and affected individuals will be notified in May.

The Epoch Times has reached out to Kaiser Permanente for further comments.

Update on UnitedHealth Group Breach

The recent data breach comes nearly two years after Kaiser Permanente reported a breach involving unauthorized access that exposed the health information of 69,000 individuals.

During that incident, an unauthorized individual accessed an employee’s email account containing patients’ protected health information, potentially exposing details such as full names, medical records, service dates, and lab test results.

Unlike the current breach, the previous one only affected patients of the Kaiser Foundation Health Plan of Washington.

As of now, this breach at the Kaiser Foundation Health Plan is the largest health data breach reported to HHS in 2024.

UnitedHealth Group has not disclosed the exact number of impacted patients in the breach, believed to be orchestrated by a cybercriminal group known as AlphV or BlackCat. They mentioned on April 29 that a substantial proportion of Americans could be affected.

Reuters contributed to this report.