Kaiser Permanente, a leading US health company, experienced a data breach impacting 13.4 million patients.

Personal information exposed includes names, IP addresses, page visits, sign-in status, and search terms, but not usernames, passwords, or financial details.

The breach was due to improperly configured tracking code on Kaiser's websites and apps, allowing data access to third-party advertisers like Google and Microsoft Bing.

Kaiser Permanente has since removed the tracking tools and implemented additional security measures to prevent future breaches.

The company will notify affected patients in May and has reported the incident to authorities, though no misuse of data has been identified yet.

The US government is investigating the breach amid a growing number of data security incidents within the healthcare sector.