Kaiser Permanente (Kaiser) – the largest nonprofit health plan in the United States – has disclosed a data breach that impacted over 69,000 people.
The incident took place on April 5th, when an unauthorized party gained access to an employee’s emails.
Despite the attempts of Kaiser to quickly resolve the issue (the access was terminated “within hours”,) the provider cannot rule out the possibility that patients were affected. The accessed emails contained protected health information.
The data included “first and last name, medical record number, dates of service, and laboratory test result information.” In turn, Social Security number and credit card numbers were excluded.
So far, there is no evidence of identity theft or misuse of protected health information, according to Kaiser’s statement.
In response to the incident, Kaiser took a number of mitigation steps to ensure data security.
“This included resetting the employee’s password for the email account where
unauthorized activity was detected. The employee received additional training on safe email practices, and we are exploring other steps we can take to ensure incidents like this do not happen in the future,” the company’s statement says.
Kaiser did not mention the exact number of affected patients, but the breach filing with the US Department of Health and Human Services Office for Civil Rights lists 69,589 potential victims.
Earlier last year, a cyberattack hit a children’s hospital in Boston, attributed to Iran.
More from Cybernews:
Subscribe to our newsletter