Kaiser Permanente exposed data on 13.4 million members to tech companies

Kaiser Permanente has suffered an accidental data breach, exposing personal information of 13.4 million health plan members to third parties. The incident was reported to U.S. Department of Health and Human Services (HHS) on April 12 and made public earlier this week. 

According to reporting in TechCrunch, the “breach” is not a result of hackers or malicious actors. Instead, it stems from website trackers that share information with advertisers, namely Microsoft, Meta and Google. Kaiser was apparently unaware these programs were sending sensitive personal information on patients to tech companies. 

The tracking has been removed from Kaiser’s website and mobile platform, and they do not believe any of the data has been used for any purpose other than advertising. 

However, the information sent to advertisers is extensive, including patient names, IP addresses and details on why users were logged into Kaiser’s website. These trackers also follow users around the web, gathering browsing information. These details can be gathered to decipher clues on a patient’s diagnosis and medical history. 

This data is then used to serve targeted ads on Google, social media platforms and other websites. 

In a similar incident still being litigated, Atrium Health is accused of allegedly using tracking technology that exposed sensitive patient information to advertisers and social media companies. 

The Kaiser security incident is one of the largest breaches this year. While it’s likely the Change Healthcare ransomware attack will end up affecting more individuals, specific numbers have yet to be released as fallout from that data breach is still unfolding. 

Kaiser has begun notifying the affected 13.4 million people about the breach.

Chad Van Alstin Health Imaging Health Exec

Chad is an award-winning writer and editor with over 15 years of experience working in media. He has a decade-long professional background in healthcare, working as a writer and in public relations.

Around the web

Compensation for heart specialists continues to climb. What does this say about cardiology as a whole? Could private equity's rising influence bring about change? We spoke to MedAxiom CEO Jerry Blackwell, MD, MBA, a veteran cardiologist himself, to learn more.

The American College of Cardiology has shared its perspective on new CMS payment policies, highlighting revenue concerns while providing key details for cardiologists and other cardiology professionals. 

As debate simmers over how best to regulate AI, experts continue to offer guidance on where to start, how to proceed and what to emphasize. A new resource models its recommendations on what its authors call the “SETO Loop.”