Kaiser Permanente (Kaiser) – the largest nonprofit health plan in the United States – has disclosed a data breach that impacted over 69,000 people.
The incident took place on April 5th, when an unauthorized party gained access to an employee’s emails.
Despite the attempts of Kaiser to quickly resolve the issue (the access was terminated “within hours”,) the provider cannot rule out the possibility that patients were affected. The accessed emails contained protected health information.
The data included “first and last name, medical record number, dates of service, and laboratory test result information.” In turn, Social Security number and credit card numbers were excluded.
So far, there is no evidence of identity theft or misuse of protected health information, according to Kaiser’s statement.
In response to the incident, Kaiser took a number of mitigation steps to ensure data security.
“This included resetting the employee’s password for the email account where
unauthorized activity was detected. The employee received additional training on safe email practices, and we are exploring other steps we can take to ensure incidents like this do not happen in the future,” the company’s statement says.
Kaiser did not mention the exact number of affected patients, but the breach filing with the US Department of Health and Human Services Office for Civil Rights lists 69,589 potential victims.
Earlier last year, a cyberattack hit a children’s hospital in Boston, attributed to Iran.
More from Cybernews:
Is a cyberattack on Starlink as bad as hacking a military satellite?
Hackers knock out two German energy suppliers
PACMAN capable of defeating Apple M1 chip: software updates crucial
Apple AirTag used to track and murder a man in the US
Here is how fast threat actors can encrypt your data
Subscribe to our newsletter
Your email address will not be published. Required fields are marked