Connect with us

Hi, what are you looking for?


Data Breaches

Kaiser Permanente Data Breach Impacts 13.4 Million Patients

US healthcare giant is warning millions of current and former patients that their personal information was exposed to third-party advertisers.

US healthcare giant Kaiser Permanente is notifying 13.4 million current and former patients that their personal information was exposed to third-party advertisers.

Kaiser Permanente said trackers previously installed on its websites and mobile applications “may have transmitted personal information to third-party vendors Google, Microsoft Bing, and X (Twitter) when members and patients accessed its websites or mobile applications.”

In a statement sent to SecurityWeek, Kaiser Permanente said the exposed information may have included names, IP addresses, and terms users searched for in the health encyclopedia. 

“Information that could indicate a member or patient was signed into a Kaiser Permanente account or service, information showing how a member or patient interacted with and navigated through the website and mobile applications” was also compromised, the company said.

“No usernames, passwords, Social Security numbers, financial account information, or credit card numbers were included in the transmission to these third parties,” Kaiser Permanente said.

The organization also noted that, after an internal investigation, the tracking technologies were removed from its websites and mobile applications and safeguards were added to prevent similar data breaches.

“Kaiser Permanente is not aware of any misuse of any member’s or patient’s personal information. Nevertheless, out of an abundance of caution, we are informing approximately 13.4 million current and former members and patients who accessed our websites and mobile applications,” according to the statement. 

While the healthcare giant says it is not aware of the leaked data being misused, information collected by trackers is routinely sold through advertisers, data brokers, and marketers, and the fact that legitimate companies were the recipients of the data is “a small consolation from a data privacy perspective”, Swimlane security automation architect Nick Tausek pointed out in an emailed comment.

Advertisement. Scroll to continue reading.

Kaiser Permanente informed the US Department of Health and Human Services and the California Attorney General’s Office of the data breach on April 12.

The Oakland, Calif-based organization is part of the Kaiser Foundation Health Plan, one of the largest healthcare and health coverage groups in the US. Founded in 1945, Kaiser Foundation Health Plan operates 39 hospitals and over 700 medical offices, employs more than 24,000 physicians and over 73,000 nurses, and provides care to more than 12.4 million patients.

Related: 180k Impacted by Data Breach at Michigan Healthcare Org

Related: 530k Hit by Data Breach at Wisconsin Healthcare Organization

Related: US Cancer Center Data Breach Impacting 800,000

Written By

Ionut Arghire is an international correspondent for SecurityWeek.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.


People on the Move

Digital executive protection services provider BlackCloak has appointed Ryan Black as CISO.

Joe Levy has been appointed Sophos' permanent CEO, and Jim Dildine has been named the company's CFO.

CISA executive assistant director for cybersecurity Eric Goldstein is leaving the agency after more than three years.

More People On The Move

Expert Insights

Related Content


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

CISO Strategy

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Data Breaches

Sony shares information on the impact of two recent unrelated hacker attacks carried out by known ransomware groups.