Kaiser Permanente announces data breach, patient information compromised

Rene Ray De La Cruz, Victorville Daily Press
·2 min read

Kaiser Permanente officials told its members on Friday that their private information was subject to an online data breach.

The Oakland-based health care provider has nearly 13 million members nationwide and more than 9.3 million in California, implying that the breach may have possibly affected nearly a million former members.

Kaiser Permanente officials told its members on Friday that their private information was subject to an online data breach.
Kaiser Permanente officials told its members on Friday that their private information was subject to an online data breach.

The Kaiser letter stated that on Oct. 25, 2023, the health care provider determined that certain “online technologies,” may have transmitted personal information to third-party vendors Google, Microsoft Bing, and X, formerly Twitter.

The online technologies were installed on Kaiser’s websites and mobile applications, and are commonly known as cookies or pixels, Kaiser said.

The private information was made available when Kaiser members and patients accessed company websites or mobile applications, the company stated.

“These technologies are sometimes used by organizations to understand how consumers interact with websites and mobile applications. We apologize that this incident occurred,” the letter said.

What information was involved? 

The information possibly involved was limited to IP addresses, names, and information that could indicate the individual was signed into a Kaiser Permanente account or service.

Additionally, information showing how members interacted with and navigated through Kaiser’s website or mobile applications, and search terms used in the health encyclopedia.

Information not included in the incident included detailed information concerning Kaiser Permanente account credentials (username and password), Social Security numbers, financial account information and credit card numbers

Safety measures

Kaiser officials stated that theyconducted a voluntary internal investigation into the use of these online technologies, and subsequently removed them from its websites and mobile applications.

In addition, the company has implemented additional measures with the guidance of experts to safeguard against the recurrence of this type of incident.

Kaiser Permanente officials stated they are not aware of any misuse of information.

“Your Kaiser Permanente account credentials (username and password), Social Security number, financial account information, and credit card number were not involved in this incident,” the company said.

Regardless, it is always advisable to remain vigilant against attempts at identity theft or fraud, which includes reviewing online and financial accounts, credit reports, and Explanations of Benefits for suspicious activity. This is a best practice for all individuals, Kaiser officials stated.

“There is no evidence that your information has been misused,” the company said. “If you are concerned about identity theft and would like more information on ways to protect yourself, visit the Federal Trade Commission’s Identity Theft website at identitytheft.gov.”

Those with questions or concerns about Kaiser’s announcement should call 866-528-9259, between 7 a.m. to 7 p.m. CST Monday through Friday.

Daily Press reporter Rene Ray De La Cruz may be reached at RDeLaCruz@VVDailyPress.com. Follow him on X @DP_ReneDeLaCruz

This article originally appeared on Victorville Daily Press: Kaiser Permanente announces online data breach