About 13.4 million current and former Kaiser Permanente members and patients were potentially impacted by a privacy breach, the health care provider said.
Kaiser says it’s alerting past and present customers and the health organization wasn’t aware of any misuse of members or patients’ information.
The data possibly collected included IP addresses, members’ names and how members navigated on Kaiser’s website or mobile apps due to code embedded on those sites.
A cyber expert told ABC7 that this case is more of a privacy breach than a data one, in which criminals break into a system to steal and sell personal information.
“In the case of a privacy breach, which this seems to be, it’s an instance where Kaiser shared personal data with other organizations, in this case, potentially Twitter/X, potentially Google, potentially Microsoft,” said Dr. Clifford Neuman, Director of USC Center for Computer Systems Security.
In a statement to Eyewitness News, Kaiser Permanente said in part:
“No usernames, passwords, Social Security numbers, financial account information, or credit card numbers were included in the transmission to these third parties. Kaiser Permanente conducted a voluntary internal investigation into the use of these online technologies, and subsequently removed them from the websites and mobile applications.”
The organization apologized to its members, letting them know that they have taken safeguards and other measures to help guard against a reoccurrence of this issue.