Kaiser Permanente Data Breach Exposes 13.4M Patients to Advertisers
April 29, 2024
Kaiser Permanente, a leading US health company, experienced a data breach impacting 13.4 million patients.
Personal information exposed includes names, IP addresses, page visits, sign-in status, and search terms, but not usernames, passwords, or financial details.
The breach was due to improperly configured tracking code on Kaiser's websites and apps, allowing data access to third-party advertisers like Google and Microsoft Bing.
Kaiser Permanente has since removed the tracking tools and implemented additional security measures to prevent future breaches.
The company will notify affected patients in May and has reported the incident to authorities, though no misuse of data has been identified yet.
The US government is investigating the breach amid a growing number of data security incidents within the healthcare sector.
Summary based on 5 sources
Get a daily email with more Cybersecurity stories
Sources

Dark Reading • Apr 29, 2024
13.4M Kaiser Insurance Members Affected by Data Leak to Online Advertisers
Malwarebytes • Apr 29, 2024
Kaiser health insurance leaked patient data to advertisers | Malwarebytes
SecurityWeek • Apr 29, 2024
Kaiser Permanente Discloses Data Breach Impacting 13.4 Million Patients
Ground News • Apr 29, 2024
Kaiser Permanente notifies members about data breach