Data Breach of Kaiser Permanente Exposes 70,000 Records   

  • By Patrick Ryan
  • Jun 16, 2022

The medical records of nearly 70,000 individuals have been exposed in a massive data breach. The breach occurred at Kaiser Permanente. 
Below, we perform a deep dive into the Kaiser data breach to give readers a better sense of why and how the hack occurred.

When did the Attack Occur?

Kaiser Permanente’s breach occurred in April. The hackers obtained access to the details pertaining to private accounts by way of email. 
The specific words commonly used in reports that describe the data breach are “email compromise,” as protected health information within a targeted employee’s emails were illegally accessed. The employee in question works for the Kaiser Foundation Health Plan of Washington.

How did Kaiser Permanente Respond to the Breach?

The company acknowledged the attack in a letter sent to all affected clients earlier this June. The letter stated that the emails that were illegally accessed revealed detailed and potentially valuable information about patients. The data breach could easily lead to identity theft.

According to Kaiser Permanente’s letter to affected patients, the attack spanned multiple hours. 
Kaiser’s digital security specialists were able to terminate the activity. However, the company is still wrapping up an investigation to gauge the full scope. 
At this time, it is unclear as to whether the digital miscreants obtained access to patients’ personal health information. At the moment, Kaiser insists there is no evidence of identity theft or the misuse of patients’ protected health information stemming from the hack.

Kaiser’s public relations team also noted that the United States Department of Health and Human Services Office for Civil Rights is conducting an investigation in addition to the company’s own internal investigation. Though Kaiser deserves credit for being proactive and notifying its customers of the breach, there is some question as to whether the company had an adequate incident response. Furthermore, it took several months for Kaiser to come clean about the hack, meaning company leaders are likely disappointed with the incident and response as they waited longer than customers would have preferred to reveal the truth of the matter.

What can be Learned From the Breach?

Business owners, managers, and others who make decisions pertaining to digital security should recognize the need for significant auditing controls. Such controls empower businesses to rapidly pinpoint the specific data accessed by digital miscreants.  

Be hyper-aware of the potential for Business Email Compromise (BEC) to ensnare your business as occurred in the breach described above, provide your team with the tools and knowledge necessary to avoid similar pitfalls, and you will rest easy knowing you have done your part to protect your network and computers.

Above all, business owners and managers should be aware that it merely takes one employee to fall prey to a phishing scam or other online trap for the company to suffer as a whole. 
A business is only as strong as its weakest link. If you own, manage or influence a business’s decisions, consider the merits of digital security protections and possibly even digital security training for your employees. 

About the Author
IDStrong Logo

Related Articles

Instagram Vulnerability Allowed Hackers Access to Control Your Phone

Security experts Check Point Research discovered a critical vulnerability while examining Instagra ... Read More

Alien Malware Infects More than 226 Mobile Apps and Steals Bank Data

As reported on September 24, 2020, by ZDNet and ThreatPost, a new strain of malware named “Alien ... Read More

Universal Health Systems Hit by Ransomware Attack

Universal Health Systems (UHS), a Fortune 500 company owning more than 400 hospitals across the co ... Read More

Exchange Server Bug Exposes a Big Risk to Hackers

Months after Microsoft released a patch to fix a serious flaw in MS Exchange Server, more than 61% ... Read More

Clients’ Bank Data Exposed in Blackbaud Ransomware Attack

Blackbaud software was victim to a ransomware attack last May, and new information suggests that c ... Read More

Latest Articles

Misconfigured Database Spurs Theft of 63 Million OneMoreLead Records

Misconfigured Database Spurs Theft of 63 Million OneMoreLead Records

OneMoreLead, a business-to-business (B2B) marketing enterprise, suffered a significant data breach late last year. The marketing company left a database misconfigured, prompting the unintentional leaking of 63 million records. 

How to Prevent Data Loss from a Phone Scam

How to Prevent Data Loss from a Phone Scam

When you think of scams, you probably think of them as someone trying to trick you out of money. While data loss is typically not the primary goal of a scam, it can be the outcome.

UNM Health Data Breach

UNM Health Data Breach

The personal information of nearly 700,000 individuals was stolen in a data breach at the University of New Mexico Health. The data breach was revealed in the second half of 2021.

Featured Articles

How to Buy a House with Bad Credit

How to Buy a House with Bad Credit

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

How Secure Is Your Password? Tips to Improve Your Password Security

How Secure Is Your Password? Tips to Improve Your Password Security

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Top 10 Senior Scams and How to Prevent Them

Top 10 Senior Scams and How to Prevent Them

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.