Health insurance giant Kaiser notifies millions of a data breach
U.S. health conglomerate Kaiser is notifying millions of its members of a data breach earlier this month.
In a legally required notice filed with the U.S. government on April 12 but made public on Thursday, the Kaiser Foundation Health Plan confirmed that 13.4 million residents had information taken in a data breach.
The notice did not share the specific nature of the data breach, describing the incident only as “unauthorized access/disclosure” involving a network server.
U.S. organizations covered under the health privacy law known as HIPAA are required to notify the U.S. Department of Health and Human Services of data breaches involving protected health information, such as medical data and patient records. Kaiser also notified California’s attorney general of the data breach, but did not provide any further details.
Kaiser spokesperson Catherine Hernandez did not respond to a request for comment Thursday.
The Kaiser Foundation Health Plan is the parent organization of several entities that make up Kaiser Permanente, one of the largest healthcare organizations in the United States. The Kaiser Foundation Health Plan provides health insurance plans to employers and reported 12.5 million members as of the end of 2023.
The breach at Kaiser is listed on the Department of Health and Human Services’ website as the largest confirmed health-related data breach of 2024 so far.
It’s unclear if the breach at Kaiser is related to the ongoing recovery at U.S. health tech giant Change Healthcare, which was hit by ransomware in February. Earlier this week, Change Healthcare’s parent company UnitedHealth Group said that the criminal hackers stole sensitive health information on a “substantial proportion of people in America,” but fell short of providing a clear figure.
Do you know more about the data breach at Kaiser? To contact this reporter, get in touch on Signal and WhatsApp at +1 646-755-8849, or by email. You can also send files and documents via SecureDrop.