Kaiser to Notify Millions of Data Breach After Unintended Sharing of Patients’ Data with Advertisers

Kaiser Permanente, a leading health conglomerate in the United States, has notified millions of current and former members about a data breach that exposed their personal information to third-party advertisers.

According to an investigation conducted by Kaiser, the organization shared patients’ information with vendors such as Google, Microsoft, and X (formerly Twitter) through online tracking codes embedded on its websites and mobile applications.

Data Shared with Advertisers

Kaiser revealed that the data shared with advertisers includes member names and IP addresses. Information was also transmitted about whether members were signed into a Kaiser Permanente account or service and how they interacted with the website and mobile applications, along with search terms used in the health encyclopedia.

The organization has since removed the tracking code from its websites and mobile apps to prevent further data breaches.

Notifying Affected Members

Kaiser spokesperson Diana Yee stated that the organization will begin notifying 13.4 million affected current and former members who accessed its websites and mobile apps in May. The notifications will be rolled out across all markets where Kaiser Permanente operates.

The health giant also filed a legally required notice with the U.S. government on April 12, which was made public on Thursday, confirming that 13.4 million residents had information exposed.

HIPAA Regulations

U.S. organizations covered under the Health Insurance Portability and Accountability Act (HIPAA) are required to notify the Department of Health and Human Services of data breaches involving protected health information, such as medical data and patient records.

Kaiser also notified California’s attorney general of the data breach but did not provide further details.

The Kaiser Foundation Health Plan

The Kaiser Foundation Health Plan is the parent organization of several entities that make up Kaiser Permanente, one of the largest healthcare organizations in the United States. The Kaiser Foundation Health Plan provides health insurance plans to employers and reported 12.5 million members as of the end of 2023.

Breach Details

The breach at Kaiser is listed on the Department of Health and Human Services’ website as the largest confirmed health-related data breach of 2024 so far.
