Data Breach of Kaiser Permanente Exposes 70,000 Records
Table of Contents
- By Patrick Ryan
- Jun 16, 2022
The medical records of nearly 70,000 individuals have been exposed in a massive data breach. The breach occurred at Kaiser Permanente.
Below, we perform a deep dive into the Kaiser data breach to give readers a better sense of why and how the hack occurred.
When did the Attack Occur?
Kaiser Permanente’s breach occurred in April. The hackers obtained access to the details pertaining to private accounts by way of email.
The specific words commonly used in reports that describe the data breach are “email compromise,” as protected health information within a targeted employee’s emails were illegally accessed. The employee in question works for the Kaiser Foundation Health Plan of Washington.
How did Kaiser Permanente Respond to the Breach?
The company acknowledged the attack in a letter sent to all affected clients earlier this June. The letter stated that the emails that were illegally accessed revealed detailed and potentially valuable information about patients. The data breach could easily lead to identity theft.
According to Kaiser Permanente’s letter to affected patients, the attack spanned multiple hours.
Kaiser’s digital security specialists were able to terminate the activity. However, the company is still wrapping up an investigation to gauge the full scope.
At this time, it is unclear as to whether the digital miscreants obtained access to patients’ personal health information. At the moment, Kaiser insists there is no evidence of identity theft or the misuse of patients’ protected health information stemming from the hack.
Kaiser’s public relations team also noted that the United States Department of Health and Human Services Office for Civil Rights is conducting an investigation in addition to the company’s own internal investigation. Though Kaiser deserves credit for being proactive and notifying its customers of the breach, there is some question as to whether the company had an adequate incident response. Furthermore, it took several months for Kaiser to come clean about the hack, meaning company leaders are likely disappointed with the incident and response as they waited longer than customers would have preferred to reveal the truth of the matter.
What can be Learned From the Breach?
Business owners, managers, and others who make decisions pertaining to digital security should recognize the need for significant auditing controls. Such controls empower businesses to rapidly pinpoint the specific data accessed by digital miscreants.
Be hyper-aware of the potential for Business Email Compromise (BEC) to ensnare your business as occurred in the breach described above, provide your team with the tools and knowledge necessary to avoid similar pitfalls, and you will rest easy knowing you have done your part to protect your network and computers.
Above all, business owners and managers should be aware that it merely takes one employee to fall prey to a phishing scam or other online trap for the company to suffer as a whole.
A business is only as strong as its weakest link. If you own, manage or influence a business’s decisions, consider the merits of digital security protections and possibly even digital security training for your employees.